Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
aHoqCI0AZq.exe

Overview

General Information

Sample name:aHoqCI0AZq.exe
renamed because original name is a hash value
Original sample name:7f1fb038ce59b5f4808ae37a9c3be0f6.exe
Analysis ID:1568324
MD5:7f1fb038ce59b5f4808ae37a9c3be0f6
SHA1:3d2cba739389d5b82601f4976719434a385c3f24
SHA256:e74135c647bb065e27f85b5bedb57b63c5731df0dd5d92877187be3cf6a2594e
Tags:exeuser-abuse_ch
Infos:

Detection

RHADAMANTHYS
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected RHADAMANTHYS Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops large PE files
Injects a PE file into a foreign processes
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
One or more processes crash
PE file contains an invalid checksum
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • aHoqCI0AZq.exe (PID: 7648 cmdline: "C:\Users\user\Desktop\aHoqCI0AZq.exe" MD5: 7F1FB038CE59B5F4808AE37A9C3BE0F6)
    • aHoqCI0AZq.exe (PID: 7972 cmdline: "C:\Users\user\Desktop\aHoqCI0AZq.exe" MD5: 7F1FB038CE59B5F4808AE37A9C3BE0F6)
      • svchost.exe (PID: 8020 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
        • fontdrvhost.exe (PID: 1196 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
          • WerFault.exe (PID: 6648 cmdline: C:\Windows\system32\WerFault.exe -u -p 1196 -s 144 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
      • WerFault.exe (PID: 8092 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 412 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
RhadamanthysAccording to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
  • Sandworm
https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys
{"C2 url": "https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pw"}
SourceRuleDescriptionAuthorStrings
00000005.00000003.1485912236.0000000000530000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
    00000004.00000003.1481987026.0000000000980000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
      00000004.00000003.1484841394.0000000003130000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
        00000004.00000002.1492074686.0000000000B60000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
          00000005.00000003.1489510673.0000000004C10000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
            Click to see the 5 entries
            SourceRuleDescriptionAuthorStrings
            5.3.svchost.exe.4e30000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
              4.3.aHoqCI0AZq.exe.3130000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                4.3.aHoqCI0AZq.exe.2f10000.6.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                  5.3.svchost.exe.4e30000.7.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                    5.3.svchost.exe.4c10000.6.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security

                      System Summary

                      barindex
                      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\aHoqCI0AZq.exe, ProcessId: 7648, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DiskTuner
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\aHoqCI0AZq.exe", ParentImage: C:\Users\user\Desktop\aHoqCI0AZq.exe, ParentProcessId: 7972, ParentProcessName: aHoqCI0AZq.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 8020, ProcessName: svchost.exe
                      Source: Process startedAuthor: vburov: Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\aHoqCI0AZq.exe", ParentImage: C:\Users\user\Desktop\aHoqCI0AZq.exe, ParentProcessId: 7972, ParentProcessName: aHoqCI0AZq.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 8020, ProcessName: svchost.exe
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-12-04T14:53:08.085738+010028548021Domain Observed Used for C2 Detected104.37.175.2217575192.168.2.749740TCP

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Source: 0.2.aHoqCI0AZq.exe.24a0000.2.unpackMalware Configuration Extractor: Rhadamanthys {"C2 url": "https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pw"}
                      Source: aHoqCI0AZq.exeReversingLabs: Detection: 15%
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                      Source: aHoqCI0AZq.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: Binary string: wkernel32.pdb source: aHoqCI0AZq.exe, 00000004.00000003.1484391768.0000000003030000.00000004.00000001.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1484306428.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1489064980.0000000004C10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1489242909.0000000004D30000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: aHoqCI0AZq.exe, 00000004.00000003.1484841394.0000000003130000.00000004.00000001.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1484615371.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1489510673.0000000004C10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1489713350.0000000004E30000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: aHoqCI0AZq.exe, 00000004.00000003.1483435547.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1483614068.0000000003100000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1487776975.0000000004C10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1488122441.0000000004E00000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: aHoqCI0AZq.exe, 00000004.00000003.1484091343.00000000030B0000.00000004.00000001.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1483886952.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1488712758.0000000004C10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1488871807.0000000004DB0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: aHoqCI0AZq.exe, 00000004.00000003.1483435547.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1483614068.0000000003100000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1487776975.0000000004C10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1488122441.0000000004E00000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: aHoqCI0AZq.exe, 00000004.00000003.1484091343.00000000030B0000.00000004.00000001.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1483886952.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1488712758.0000000004C10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1488871807.0000000004DB0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: aHoqCI0AZq.exe, 00000004.00000003.1484841394.0000000003130000.00000004.00000001.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1484615371.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1489510673.0000000004C10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1489713350.0000000004E30000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: aHoqCI0AZq.exe, 00000004.00000003.1484391768.0000000003030000.00000004.00000001.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1484306428.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1489064980.0000000004C10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1489242909.0000000004D30000.00000004.00000001.00020000.00000000.sdmp
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 4x nop then dec esp9_2_00000190CD2E0511

                      Networking

                      barindex
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 104.37.175.221:7575 -> 192.168.2.7:49740
                      Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 104.37.175.221 7575Jump to behavior
                      Source: Malware configuration extractorURLs: https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pw
                      Source: global trafficTCP traffic: 192.168.2.7:49740 -> 104.37.175.221:7575
                      Source: Joe Sandbox ViewASN Name: MAJESTIC-HOSTING-01US MAJESTIC-HOSTING-01US
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.37.175.221
                      Source: aHoqCI0AZq.exe, DiskTuner.exe.0.drString found in binary or memory: http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch
                      Source: aHoqCI0AZq.exe, DiskTuner.exe.0.drString found in binary or memory: http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSec
                      Source: aHoqCI0AZq.exe, DiskTuner.exe.0.drString found in binary or memory: http://www.macromedia.com
                      Source: aHoqCI0AZq.exe, DiskTuner.exe.0.drString found in binary or memory: http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&amp
                      Source: svchost.exe, 00000005.00000002.1577013593.0000000002B0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.1576471539.000000000044C000.00000004.00000010.00020000.00000000.sdmp, fontdrvhost.exe, fontdrvhost.exe, 00000009.00000002.1876854248.00000190CD2E0000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pw
                      Source: svchost.exe, 00000005.00000002.1577013593.0000000002B0C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000009.00000002.1876854248.00000190CD2E0000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pwkernelbasentdllkernel32GetProcessMitig
                      Source: svchost.exe, 00000005.00000002.1576471539.000000000044C000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pwx
                      Source: svchost.exe, 00000005.00000003.1507101927.0000000002B9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-query
                      Source: svchost.exe, 00000005.00000003.1507101927.0000000002B9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi
                      Source: aHoqCI0AZq.exe, DiskTuner.exe.0.drString found in binary or memory: https://www.macromedia.com/bin/flashdownload.cgi
                      Source: aHoqCI0AZq.exe, DiskTuner.exe.0.drString found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,0_2_004D9AB0
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,0_2_004D9AB0
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,4_2_004D9AB0
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_004D9C20 OpenClipboard,GetClipboardData,GetClipboardData,GetClipboardData,GetClipboardData,CloseClipboard,0_2_004D9C20
                      Source: aHoqCI0AZq.exe, 00000004.00000003.1484841394.0000000003130000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_df23fc7a-9
                      Source: aHoqCI0AZq.exe, 00000004.00000003.1484841394.0000000003130000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_7b3fd3b0-2
                      Source: Yara matchFile source: 5.3.svchost.exe.4e30000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.aHoqCI0AZq.exe.3130000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.aHoqCI0AZq.exe.2f10000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.3.svchost.exe.4e30000.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.3.svchost.exe.4c10000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000004.00000003.1484841394.0000000003130000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000003.1489510673.0000000004C10000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1484615371.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000003.1489713350.0000000004E30000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: aHoqCI0AZq.exe PID: 7972, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 8020, type: MEMORYSTR

                      System Summary

                      barindex
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeFile dump: DiskTuner.exe.0.dr 979567349Jump to dropped file
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 9_2_00000190CD2E1CF4 NtAcceptConnectPort,CloseHandle,9_2_00000190CD2E1CF4
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 9_2_00000190CD2E0AC8 NtAcceptConnectPort,NtAcceptConnectPort,9_2_00000190CD2E0AC8
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 9_2_00000190CD2E15C0 NtAcceptConnectPort,9_2_00000190CD2E15C0
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 9_2_00000190CD2E1AA4 NtAcceptConnectPort,NtAcceptConnectPort,9_2_00000190CD2E1AA4
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_0040A0200_2_0040A020
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_0042D3000_2_0042D300
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_0043C3C00_2_0043C3C0
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_0042D39B0_2_0042D39B
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_0042D4F90_2_0042D4F9
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_0041B4B00_2_0041B4B0
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_004206700_2_00420670
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_004166210_2_00416621
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_0045E8700_2_0045E870
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_0047DA000_2_0047DA00
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_0040ACD00_2_0040ACD0
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_00429E100_2_00429E10
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_00464EE00_2_00464EE0
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_3_007D81D24_3_007D81D2
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_3_007CC2314_3_007CC231
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_3_007CC4004_3_007CC400
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_0040A0204_2_0040A020
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_0042D3004_2_0042D300
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_0042D39B4_2_0042D39B
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_004033A14_2_004033A1
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_0042D4F94_2_0042D4F9
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_0041B4B04_2_0041B4B0
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_004206704_2_00420670
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_004166214_2_00416621
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_0045E8704_2_0045E870
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_0047DA004_2_0047DA00
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_0040ACD04_2_0040ACD0
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_00429E104_2_00429E10
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_00464EE04_2_00464EE0
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 9_2_00000190CD2E0C709_2_00000190CD2E0C70
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: String function: 00435140 appears 66 times
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: String function: 007CCD90 appears 33 times
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: String function: 004C9120 appears 58 times
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: String function: 00435350 appears 68 times
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 412
                      Source: aHoqCI0AZq.exeBinary or memory string: OriginalFilename vs aHoqCI0AZq.exe
                      Source: aHoqCI0AZq.exe, 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs aHoqCI0AZq.exe
                      Source: aHoqCI0AZq.exe, 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs aHoqCI0AZq.exe
                      Source: aHoqCI0AZq.exe, 00000000.00000002.1521420813.0000000002692000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs aHoqCI0AZq.exe
                      Source: aHoqCI0AZq.exe, 00000000.00000000.1303437144.0000000000628000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs aHoqCI0AZq.exe
                      Source: aHoqCI0AZq.exe, 00000000.00000002.1521247142.00000000024E9000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs aHoqCI0AZq.exe
                      Source: aHoqCI0AZq.exe, 00000004.00000000.1471315240.0000000000628000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs aHoqCI0AZq.exe
                      Source: aHoqCI0AZq.exe, 00000004.00000003.1484841394.0000000003311000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKernelbase.dllj% vs aHoqCI0AZq.exe
                      Source: aHoqCI0AZq.exe, 00000004.00000003.1484306428.0000000002FA2000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs aHoqCI0AZq.exe
                      Source: aHoqCI0AZq.exe, 00000004.00000003.1483435547.0000000003088000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs aHoqCI0AZq.exe
                      Source: aHoqCI0AZq.exe, 00000004.00000003.1485815362.00000000007E9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs aHoqCI0AZq.exe
                      Source: aHoqCI0AZq.exe, 00000004.00000003.1484391768.0000000003030000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs aHoqCI0AZq.exe
                      Source: aHoqCI0AZq.exe, 00000004.00000003.1484306428.0000000002F10000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs aHoqCI0AZq.exe
                      Source: aHoqCI0AZq.exe, 00000004.00000003.1483886952.0000000003033000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs aHoqCI0AZq.exe
                      Source: aHoqCI0AZq.exe, 00000004.00000003.1482286093.00000000007E9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs aHoqCI0AZq.exe
                      Source: aHoqCI0AZq.exe, 00000004.00000003.1484391768.0000000003080000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs aHoqCI0AZq.exe
                      Source: aHoqCI0AZq.exe, 00000004.00000003.1484615371.0000000002F10000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKernelbase.dllj% vs aHoqCI0AZq.exe
                      Source: aHoqCI0AZq.exe, 00000004.00000003.1484091343.00000000031DD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs aHoqCI0AZq.exe
                      Source: aHoqCI0AZq.exe, 00000004.00000003.1483614068.0000000003286000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs aHoqCI0AZq.exe
                      Source: aHoqCI0AZq.exeBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs aHoqCI0AZq.exe
                      Source: aHoqCI0AZq.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: aHoqCI0AZq.exe, 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmp, aHoqCI0AZq.exe, 00000000.00000002.1521247142.00000000024E9000.00000040.00001000.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1485815362.00000000007E9000.00000040.00000400.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1482286093.00000000007E9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: .a_po^ ojYd.o B U.R G v.Q_F& ZNH K.9.sV`OQ qOq_A( N5.j P.X z.k.Yf_HL.P.L`.C Ue_q_B_t.h{_yr\=A f.3_q_Fvb_H_bm W.UP#.by_iY.Yw I.Y_G p.3c g.Zy S v.U.N C_m Z_i.H_j B l_DH_Pd.iz_O.f~ U z_Mv_d7 T Mz.f.594/}_m kS.v.D u.rZu.S G.N_x.V J.Q.G FO^.X<.6_fv.V ny.L,_E.2.m I_l.b$ Mx sZ.K! p.Y.U.V:U.89 R_H F3.d_R A UQ.C_y y Y Jb.Q_S.N.s< l_Ab~[_w9zV?!C9.N_HQ)*_n R.tP Ww_u aU;.V EPk Xr.Q0.y.A!]_b!7 g.R_pF.E_b o.o.q.o_E.T_rdfw.c}_ck.4.Y_w:_P.B(#`_xy_i.3_Y.A_N.q.6.YE_S_T.R H n.R_d_F.V.s_R68).I aL q.H b.W.Q!.r b_w c c$_va.X_v.tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_C_Q.e J q7E V P.LP_Q.kTN_c.F.D gc.hT_s_Q1
                      Source: aHoqCI0AZq.exe, aHoqCI0AZq.exe, 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmp, aHoqCI0AZq.exe, 00000000.00000002.1521247142.00000000024E9000.00000040.00001000.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1485815362.00000000007E9000.00000040.00000400.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1482286093.00000000007E9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: .tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_
                      Source: classification engineClassification label: mal100.troj.evad.winEXE@9/6@0/1
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_004F9340 CoCreateInstance,0_2_004F9340
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeFile created: C:\Users\user\Videos\DiskTunerJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-195888c1-7ce7-75016d-42dd42d214e3}
                      Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1196
                      Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\7bd64386-d275-404c-9293-e33bc37f04a2Jump to behavior
                      Source: aHoqCI0AZq.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: aHoqCI0AZq.exeReversingLabs: Detection: 15%
                      Source: aHoqCI0AZq.exeString found in binary or memory: ms-help:
                      Source: aHoqCI0AZq.exeString found in binary or memory: B_flashuseCodepageStandAloneWIN 8,0,22,0A=%b&SA=%b&SV=%b&EV=%b&MP3=%b&AE=%b&VE=%b&ACC=%b&PR=%b&SP=%b&SB=%b&DEB=%b&V=%s%s&PT=%s&AVD=%b&LFD=%b&WD=%b%20http://%s/scriptms-help:mk:ms-itss:ms-its:its:vshelp:local:shell:
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeFile read: C:\Users\user\Desktop\aHoqCI0AZq.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\aHoqCI0AZq.exe "C:\Users\user\Desktop\aHoqCI0AZq.exe"
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeProcess created: C:\Users\user\Desktop\aHoqCI0AZq.exe "C:\Users\user\Desktop\aHoqCI0AZq.exe"
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 412
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\System32\fontdrvhost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 1196 -s 144
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeProcess created: C:\Users\user\Desktop\aHoqCI0AZq.exe "C:\Users\user\Desktop\aHoqCI0AZq.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeSection loaded: wsock32.dllJump to behavior
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeSection loaded: k7rn7l32.dllJump to behavior
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeSection loaded: ntd3ll.dllJump to behavior
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: powrprof.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: umpdc.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32Jump to behavior
                      Source: aHoqCI0AZq.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                      Source: aHoqCI0AZq.exeStatic file information: File size 2981888 > 1048576
                      Source: aHoqCI0AZq.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x13c000
                      Source: aHoqCI0AZq.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x175000
                      Source: Binary string: wkernel32.pdb source: aHoqCI0AZq.exe, 00000004.00000003.1484391768.0000000003030000.00000004.00000001.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1484306428.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1489064980.0000000004C10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1489242909.0000000004D30000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: aHoqCI0AZq.exe, 00000004.00000003.1484841394.0000000003130000.00000004.00000001.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1484615371.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1489510673.0000000004C10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1489713350.0000000004E30000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: aHoqCI0AZq.exe, 00000004.00000003.1483435547.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1483614068.0000000003100000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1487776975.0000000004C10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1488122441.0000000004E00000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: aHoqCI0AZq.exe, 00000004.00000003.1484091343.00000000030B0000.00000004.00000001.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1483886952.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1488712758.0000000004C10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1488871807.0000000004DB0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: aHoqCI0AZq.exe, 00000004.00000003.1483435547.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1483614068.0000000003100000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1487776975.0000000004C10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1488122441.0000000004E00000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: aHoqCI0AZq.exe, 00000004.00000003.1484091343.00000000030B0000.00000004.00000001.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1483886952.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1488712758.0000000004C10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1488871807.0000000004DB0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: aHoqCI0AZq.exe, 00000004.00000003.1484841394.0000000003130000.00000004.00000001.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1484615371.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1489510673.0000000004C10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1489713350.0000000004E30000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: aHoqCI0AZq.exe, 00000004.00000003.1484391768.0000000003030000.00000004.00000001.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1484306428.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1489064980.0000000004C10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.1489242909.0000000004D30000.00000004.00000001.00020000.00000000.sdmp
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004D7960
                      Source: aHoqCI0AZq.exeStatic PE information: real checksum: 0x241059 should be: 0x2df41b
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_004CA770 push eax; ret 0_2_004CA784
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_004CA770 push eax; ret 0_2_004CA7AC
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_3_007DB86D push ebx; ret 4_3_007DB864
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_3_007DA840 push ebp; retf 4_3_007DA841
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_3_007DE83C pushad ; ret 4_3_007DE841
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_3_007DE80E push eax; iretd 4_3_007DE81D
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_3_007DA0F9 push FFFFFF82h; iretd 4_3_007DA0FB
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_3_007DD8A0 push 0000002Eh; iretd 4_3_007DD8A2
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_3_007D8904 push ecx; ret 4_3_007D8917
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_3_007DB1DD push eax; ret 4_3_007DB1DF
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_3_007DE586 pushad ; retf 4_3_007DE599
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_3_007D9F6A push eax; ret 4_3_007D9F75
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_3_007DB70B push ebx; ret 4_3_007DB864
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_004381E0 push ecx; retf 4_2_004382AC
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_004381A0 push ecx; retf 4_2_004382AC
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_004CA770 push eax; ret 4_2_004CA784
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_004CA770 push eax; ret 4_2_004CA7AC
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_00434C60 push edi; retf 4_2_00434D5F
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_00434CF0 push edi; retf 4_2_00434D5F
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_00434C90 push edi; retf 4_2_00434D5F
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_00434CB0 push edi; retf 4_2_00434D5F
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_00447D60 push ecx; retf 4_2_00447E0D
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_2_00436DB0 push ecx; retf 4_2_00436EEF
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_0048225D push eax; ret 5_3_0048225F
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_00485606 pushad ; retf 5_3_00485619
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_00486012 push 00000038h; iretd 5_3_0048601D
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_004818C0 push ebp; retf 5_3_004818C1
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_004828ED push ebx; ret 5_3_004828E4
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_0048588E push eax; iretd 5_3_0048589D
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_004858BC pushad ; ret 5_3_004858C1
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_00481179 push FFFFFF82h; iretd 5_3_0048117B
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeFile created: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exeJump to dropped file
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiskTunerJump to behavior
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiskTunerJump to behavior

                      Hooking and other Techniques for Hiding and Protection

                      barindex
                      Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (31).png
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004D7960
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      barindex
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeAPI/Special instruction interceptor: Address: 7FFB2CECD044
                      Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFB2CECD044
                      Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 4F5B83A
                      Source: aHoqCI0AZq.exe, 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmp, aHoqCI0AZq.exe, 00000000.00000002.1521247142.00000000024E9000.00000040.00001000.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1485815362.00000000007E9000.00000040.00000400.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1482286093.00000000007E9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
                      Source: aHoqCI0AZq.exeBinary or memory string: CFF EXPLORER.EXE
                      Source: aHoqCI0AZq.exe, 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmp, aHoqCI0AZq.exe, 00000000.00000002.1521247142.00000000024E9000.00000040.00001000.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1485815362.00000000007E9000.00000040.00000400.00020000.00000000.sdmp, aHoqCI0AZq.exe, 00000004.00000003.1482286093.00000000007E9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: INTERNALNAMECFF EXPLORER.EXE
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeDropped PE file which has not been started: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exeJump to dropped file
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeAPI coverage: 0.4 %
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: svchost.exe, 00000005.00000003.1489713350.0000000004E30000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                      Source: svchost.exe, 00000005.00000002.1576845213.0000000002A00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: svchost.exe, 00000005.00000002.1576994464.0000000002A5C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWRSVP UDPv6 Service Provider
                      Source: svchost.exe, 00000005.00000002.1576845213.0000000002A00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
                      Source: svchost.exe, 00000005.00000003.1489713350.0000000004E30000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_3_007D9098 VirtualAlloc,LdrInitializeThunk,VirtualFree,4_3_007D9098
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004D7960
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_3_007D9277 mov eax, dword ptr fs:[00000030h]4_3_007D9277
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_00480283 mov eax, dword ptr fs:[00000030h]5_3_00480283
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_0052B440 GetProcessHeap,HeapAlloc,0_2_0052B440
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeProcess created: C:\Users\user\Desktop\aHoqCI0AZq.exe "C:\Users\user\Desktop\aHoqCI0AZq.exe"Jump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 104.37.175.221 7575Jump to behavior
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeMemory written: C:\Users\user\Desktop\aHoqCI0AZq.exe base: 7A0000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 4_3_007CCDD5 cpuid 4_3_007CCDD5
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: GetCurrentThreadId,GetKeyboardLayout,GetLocaleInfoA,0_2_004C9670
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: GetCurrentThreadId,GetKeyboardLayout,GetLocaleInfoA,4_2_004C9670
                      Source: C:\Windows\SysWOW64\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_004CE5B0 GetSystemTime,GetTimeZoneInformation,0_2_004CE5B0
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_004CE5B0 GetSystemTime,GetTimeZoneInformation,0_2_004CE5B0
                      Source: C:\Users\user\Desktop\aHoqCI0AZq.exeCode function: 0_2_004CB0E0 GetVersionExA,0_2_004CB0E0
                      Source: C:\Windows\SysWOW64\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information

                      barindex
                      Source: Yara matchFile source: 00000005.00000003.1485912236.0000000000530000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1481987026.0000000000980000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1492074686.0000000000B60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.1577253029.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                      Remote Access Functionality

                      barindex
                      Source: Yara matchFile source: 00000005.00000003.1485912236.0000000000530000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1481987026.0000000000980000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1492074686.0000000000B60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.1577253029.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
                      Windows Management Instrumentation
                      1
                      Registry Run Keys / Startup Folder
                      211
                      Process Injection
                      11
                      Masquerading
                      21
                      Input Capture
                      2
                      System Time Discovery
                      Remote Services21
                      Input Capture
                      1
                      Encrypted Channel
                      Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault Accounts2
                      Command and Scripting Interpreter
                      1
                      DLL Side-Loading
                      1
                      Registry Run Keys / Startup Folder
                      1
                      Virtualization/Sandbox Evasion
                      LSASS Memory221
                      Security Software Discovery
                      Remote Desktop Protocol1
                      Archive Collected Data
                      1
                      Non-Standard Port
                      Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain Accounts1
                      Native API
                      Logon Script (Windows)1
                      DLL Side-Loading
                      1
                      Disable or Modify Tools
                      Security Account Manager1
                      Virtualization/Sandbox Evasion
                      SMB/Windows Admin Shares3
                      Clipboard Data
                      1
                      Application Layer Protocol
                      Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook211
                      Process Injection
                      NTDS1
                      Process Discovery
                      Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                      Deobfuscate/Decode Files or Information
                      LSA Secrets135
                      System Information Discovery
                      SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts3
                      Obfuscated Files or Information
                      Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                      DLL Side-Loading
                      DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand
                      SourceDetectionScannerLabelLink
                      aHoqCI0AZq.exe16%ReversingLabs
                      No Antivirus matches
                      No Antivirus matches
                      No Antivirus matches
                      SourceDetectionScannerLabelLink
                      https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pwkernelbasentdllkernel32GetProcessMitig0%Avira URL Cloudsafe
                      http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch0%Avira URL Cloudsafe
                      https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pwx0%Avira URL Cloudsafe
                      https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pw0%Avira URL Cloudsafe
                      No contacted domains info
                      NameMaliciousAntivirus DetectionReputation
                      https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pwtrue
                      • Avira URL Cloud: safe
                      unknown
                      NameSourceMaliciousAntivirus DetectionReputation
                      https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pwkernelbasentdllkernel32GetProcessMitigsvchost.exe, 00000005.00000002.1577013593.0000000002B0C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000009.00000002.1876854248.00000190CD2E0000.00000040.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://cloudflare-dns.com/dns-querysvchost.exe, 00000005.00000003.1507101927.0000000002B9F000.00000004.00000020.00020000.00000000.sdmpfalse
                        high
                        http://www.macromedia.comaHoqCI0AZq.exe, DiskTuner.exe.0.drfalse
                          high
                          https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachisvchost.exe, 00000005.00000003.1507101927.0000000002B9F000.00000004.00000020.00020000.00000000.sdmpfalse
                            high
                            https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pwxsvchost.exe, 00000005.00000002.1576471539.000000000044C000.00000004.00000010.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatchaHoqCI0AZq.exe, DiskTuner.exe.0.drfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSecaHoqCI0AZq.exe, DiskTuner.exe.0.drfalse
                              high
                              http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&ampaHoqCI0AZq.exe, DiskTuner.exe.0.drfalse
                                high
                                https://www.macromedia.com/bin/flashdownload.cgiaHoqCI0AZq.exe, DiskTuner.exe.0.drfalse
                                  high
                                  https://www.macromedia.com/support/flashplayer/sys/aHoqCI0AZq.exe, DiskTuner.exe.0.drfalse
                                    high
                                    • No. of IPs < 25%
                                    • 25% < No. of IPs < 50%
                                    • 50% < No. of IPs < 75%
                                    • 75% < No. of IPs
                                    IPDomainCountryFlagASNASN NameMalicious
                                    104.37.175.221
                                    unknownUnited States
                                    396073MAJESTIC-HOSTING-01UStrue
                                    Joe Sandbox version:41.0.0 Charoite
                                    Analysis ID:1568324
                                    Start date and time:2024-12-04 14:51:45 +01:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 8m 21s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:16
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample name:aHoqCI0AZq.exe
                                    renamed because original name is a hash value
                                    Original Sample Name:7f1fb038ce59b5f4808ae37a9c3be0f6.exe
                                    Detection:MAL
                                    Classification:mal100.troj.evad.winEXE@9/6@0/1
                                    EGA Information:
                                    • Successful, ratio: 50%
                                    HCA Information:Failed
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe
                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                    • Excluded IPs from analysis (whitelisted): 20.189.173.20
                                    • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                    • Execution Graph export aborted for target aHoqCI0AZq.exe, PID 7972 because there are no executed function
                                    • Execution Graph export aborted for target svchost.exe, PID 8020 because there are no executed function
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • VT rate limit hit for: aHoqCI0AZq.exe
                                    TimeTypeDescription
                                    10:41:07API Interceptor1x Sleep call for process: WerFault.exe modified
                                    16:40:34AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run DiskTuner C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe
                                    16:40:42AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run DiskTuner C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe
                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    104.37.175.221LJqzegzQl0.exeGet hashmaliciousRHADAMANTHYSBrowse
                                      wg7SDQAffQ.exeGet hashmaliciousRHADAMANTHYSBrowse
                                        No context
                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        MAJESTIC-HOSTING-01USLJqzegzQl0.exeGet hashmaliciousRHADAMANTHYSBrowse
                                        • 104.37.175.221
                                        ZtnN5sSpDk.exeGet hashmaliciousRHADAMANTHYSBrowse
                                        • 104.37.175.232
                                        wg7SDQAffQ.exeGet hashmaliciousRHADAMANTHYSBrowse
                                        • 104.37.175.221
                                        Readme.lnk.download.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                        • 104.37.175.232
                                        098aPtSbmd.batGet hashmaliciousRHADAMANTHYSBrowse
                                        • 104.37.175.232
                                        loader.ps1.batGet hashmaliciousRHADAMANTHYSBrowse
                                        • 104.37.175.232
                                        readme.exeGet hashmaliciousRHADAMANTHYSBrowse
                                        • 104.37.175.232
                                        Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                        • 104.37.175.232
                                        loligang.ppc.elfGet hashmaliciousMiraiBrowse
                                        • 191.96.140.127
                                        file.exeGet hashmaliciousDarkTortilla, RHADAMANTHYSBrowse
                                        • 104.37.175.218
                                        No context
                                        No context
                                        Process:C:\Windows\System32\WerFault.exe
                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):65536
                                        Entropy (8bit):0.660242897277721
                                        Encrypted:false
                                        SSDEEP:96:KYFOF+3eTqigKJ6os3Wrk41yHpHS2QXIDcQkc6tcEycw3ZUtzJzQ+HbHgrZ2ZAXM:H/UHn6oxR0apYKjqzuiFRZ24lO8JO
                                        MD5:0F617D5D59280657BC76736F7878DAAC
                                        SHA1:5043081294AEAE55D18E81F6264A285FB8DAF673
                                        SHA-256:EA61B43AF02E36F75615D26DC5062EDAEF8558172F16533FAFA7B80223F23052
                                        SHA-512:09C3F27E457F2192C6A92FE23AE97B2B5526BF7207F3E98A99ADE20654968446D1F535DE293F9CF83C2247DB96CEE7AA25F43F2A0B76B675CD7FDFD5D5D76531
                                        Malicious:false
                                        Reputation:low
                                        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.6.4.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.7.8.0.0.4.4.0.6.2.4.8.2.7.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.7.8.0.0.4.4.1.0.7.7.9.5.1.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.d.e.b.2.3.0.6.-.3.0.5.8.-.4.f.6.2.-.a.5.9.d.-.9.5.4.f.d.a.f.a.7.1.b.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.d.3.2.b.9.c.9.-.7.d.e.7.-.4.b.c.8.-.b.4.7.8.-.3.6.6.6.0.c.f.7.1.a.e.3.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.4.a.c.-.0.0.0.1.-.0.0.1.4.-.6.a.2.2.-.5.f.d.d.6.2.4.6.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.5.e.f.b.3.f.9.7.3.4.2.b.a.1.9.5.4.2.4.1.3.4.f.2.8.f.9.7.7.d.a.9.e.0.d.6.a.a.9.1.!.f.o.n.t.d.r.v.h.o.
                                        Process:C:\Windows\System32\WerFault.exe
                                        File Type:Mini DuMP crash report, 14 streams, Wed Dec 4 15:40:40 2024, 0x1205a4 type
                                        Category:dropped
                                        Size (bytes):47886
                                        Entropy (8bit):1.2705089897758084
                                        Encrypted:false
                                        SSDEEP:96:578xZQmR77SydgW/P7i7IqeqeqluGvE9pdKFJvaFtdx4EWIaDIodjtrK:e3Q6N/zOfNNlpvE/dKFZa5x41dU
                                        MD5:B2DCF31585D936915D4932184F60D90D
                                        SHA1:480D80D9B43B6C9306B887E994FE8764C8245FA6
                                        SHA-256:BE5948E71B079935B58896C241ACA47A7B117F22782234CED030C4A515C81EBF
                                        SHA-512:CAD40B46F9877845183244D823A8FEE9D41D1A721CACFEC3003C5721302611015F3A82DD1D0C880FE51D5AA94AA5F27E3B1E8724701E86CBFCD8D0A39EA90F67
                                        Malicious:false
                                        Reputation:low
                                        Preview:MDMP..a..... ........wPg........................................2!..........T.......8...........T...............^.......................................................................................................eJ..............Lw......................T............wPg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                        Process:C:\Windows\System32\WerFault.exe
                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):8624
                                        Entropy (8bit):3.688403822441581
                                        Encrypted:false
                                        SSDEEP:192:R6l7wVeJ1dwKjOD6YvP0ibZgmfr57vvpDT89bNoR2fEvm:R6lXJfwT6YUibZgmfrFvON/fR
                                        MD5:E69E6768D7D430CA7AB07C734C6412F6
                                        SHA1:5730AD1F6D7699F8C592213FA729E06A3F6DE8BC
                                        SHA-256:A1F7AA3C08C7500BC1BA8B402974B8D27AC11D18486AE4A2309BDACD4C5D401F
                                        SHA-512:A3D1FC371CEF6E32AEA7D320D6BCF72238B20ED0E30E5CEE269BA453D51AF00E90EFB4EF58ECC507AA4CEB9AAE0C145C1F067343F2C508578DE67E68722B3834
                                        Malicious:false
                                        Reputation:low
                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.1.1.9.6.<./.P.i.
                                        Process:C:\Windows\System32\WerFault.exe
                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):4853
                                        Entropy (8bit):4.443311312711898
                                        Encrypted:false
                                        SSDEEP:48:cvIwWl8zsZpJg771I9PcWpW8VYmYm8M4Jk5LvM6Feoyq8vU5LvM/aMuDwMdFd:uIjflI7AV7VCJcjMSWsjM/1uLHd
                                        MD5:D0752590A20A650254A5CD83858C51DD
                                        SHA1:9801A27907DE3B598F836C1FCBC7539756389C6B
                                        SHA-256:B3BCF4D1E47C29FB20096D0D8D207F9D9B10FF48465AEE28AADA8E3BDDC30179
                                        SHA-512:3F03463CA20A6014E6B697102CCFCC958961ADE9B82FFF00CE3F1FB6FDB5B7C43112A15867CF44D090DC7DA10F9AB7B3B5BBE1C566EFCA5A97FA8C747B5AC507
                                        Malicious:false
                                        Reputation:low
                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="616723" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                        Process:C:\Users\user\Desktop\aHoqCI0AZq.exe
                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):979567349
                                        Entropy (8bit):0.046351748317136524
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:85F2018C0EDA132D4B48ECDE3ADA2CC5
                                        SHA1:6E4EC42B710A93DBC403F505D583967E1C1BD504
                                        SHA-256:BCECEBD72C252D356FFD81CA17E9135CB5C4A429018C3C85416430F61AF3D79D
                                        SHA-512:9BB614A507F3A7B5F81BEEF7B597E5F7EE1E7FED42D5D5AFF55CECA7815B14763C6F0E3468703E0101A3EBA0F2BEFB88C98575EFD63DA82BE4BDA3E2B7DC6730
                                        Malicious:false
                                        Reputation:low
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................z..............z........#.............................Rich..................PE..L......C..........................................@...........................9.....Y.$..............................................."..F...........................................................................................................text............................... ..`.rdata...|..........................@..@.data....)...P.......P..............@....rsrc....F...."..P...0..............@..@................................................................................................................................................................................................................................................................................................................................................
                                        Process:C:\Windows\System32\WerFault.exe
                                        File Type:MS Windows registry file, NT/2000 or above
                                        Category:dropped
                                        Size (bytes):1835008
                                        Entropy (8bit):4.417606899265938
                                        Encrypted:false
                                        SSDEEP:6144:pcifpi6ceLPL9skLmb0mNSWSPtaJG8nAgex285i2MMhA20X4WABlGuN75+:Wi58NSWIZBk2MM6AFB9o
                                        MD5:98EC8F08CE75B15DCC4AF06601586B4B
                                        SHA1:53328164AFDA400EADBE32B24D734B879CD59143
                                        SHA-256:E234E95C79040BB63A6E1C7EF3175C96EFCA038CC88D60FE725015FB559F714E
                                        SHA-512:30C2E928F9D0AC00D5F96B85CD8DC04FD665E10E405AB60C1CC1BD43A42FA16F4D08113906DA6F6A1D7C120CC78B727D744F22258189795F21FD23BB8899FF92
                                        Malicious:false
                                        Preview:regfE...E....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.)Y.bF..............................................................................................................................................................................................................................................................................................................................................F.N.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Entropy (8bit):6.9691452473749695
                                        TrID:
                                        • Win32 Executable (generic) a (10002005/4) 99.40%
                                        • InstallShield setup (43055/19) 0.43%
                                        • Windows Screen Saver (13104/52) 0.13%
                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                        • DOS Executable Generic (2002/1) 0.02%
                                        File name:aHoqCI0AZq.exe
                                        File size:2'981'888 bytes
                                        MD5:7f1fb038ce59b5f4808ae37a9c3be0f6
                                        SHA1:3d2cba739389d5b82601f4976719434a385c3f24
                                        SHA256:e74135c647bb065e27f85b5bedb57b63c5731df0dd5d92877187be3cf6a2594e
                                        SHA512:a8165197b077bf920622a2a3f68721968ce4516a38a2e172b9dbb04cd3b73858bcab189577a8458deed47141a337faed2d552da80360842d1175a73c175bc4a9
                                        SSDEEP:49152:SVHFXSzmqiDqCbm1gickVsPTwuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuTuuuuR:SVHFXSzmqsegfkVsMuuuuuuuuuuuuuuu
                                        TLSH:E5D5AE41F28181B1DD5276B05273D6B54672AEF8A73A80CF61D63F1B3B722E25A33346
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................z.......................z...............#...............................................Rich...................
                                        Icon Hash:c5a684988c94a0c5
                                        Entrypoint:0x4dc300
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                        DLL Characteristics:NO_SEH
                                        Time Stamp:0x4310D1EE [Sat Aug 27 20:49:50 2005 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:6cd1955b3508e1b7bae36e00ef841662
                                        Instruction
                                        sub esp, 44h
                                        push esi
                                        call dword ptr [0053D228h]
                                        mov esi, eax
                                        mov al, byte ptr [esi]
                                        cmp al, 22h
                                        call 00007FAB7862CBD0h
                                        inc esi
                                        cmp al, 22h
                                        je 00007FAB786DCBDAh
                                        test al, al
                                        jne 00007FAB786DCBC6h
                                        cmp al, 22h
                                        jne 00007FAB786DCBE8h
                                        inc esi
                                        jmp 00007FAB786DCBE5h
                                        cmp al, 20h
                                        jbe 00007FAB786DCBE1h
                                        lea esp, dword ptr [esp+00000000h]
                                        mov al, byte ptr [esi+01h]
                                        inc esi
                                        cmp al, 20h
                                        jnbe 00007FAB786DCBCAh
                                        mov al, byte ptr [esi]
                                        test al, al
                                        je 00007FAB786DCBE0h
                                        mov edi, edi
                                        cmp al, 20h
                                        jnbe 00007FAB786DCBDAh
                                        mov al, byte ptr [esi+01h]
                                        inc esi
                                        test al, al
                                        jne 00007FAB786DCBC6h
                                        lea eax, dword ptr [esp+04h]
                                        push eax
                                        mov dword ptr [esp+34h], 00000000h
                                        call dword ptr [0053D270h]
                                        test byte ptr [esp+30h], 00000001h
                                        movzx eax, word ptr [esp+34h]
                                        jne 00007FAB786DCBD7h
                                        mov eax, 0000000Ah
                                        push eax
                                        push esi
                                        push 00000000h
                                        push 00000000h
                                        call dword ptr [0053D224h]
                                        push eax
                                        call 00007FAB786DC7D3h
                                        push eax
                                        call dword ptr [0053D220h]
                                        pop esi
                                        int3
                                        int3
                                        int3
                                        int3
                                        int3
                                        int3
                                        movzx edx, byte ptr [ecx+0Dh]
                                        xor eax, eax
                                        mov ah, byte ptr [ecx+0Fh]
                                        mov al, byte ptr [ecx+0Ch]
                                        movzx ecx, byte ptr [ecx+0Eh]
                                        shl eax, 08h
                                        or eax, edx
                                        shl eax, 08h
                                        or eax, ecx
                                        ret
                                        int3
                                        int3
                                        int3
                                        int3
                                        int3
                                        mov eax, ecx
                                        mov dword ptr [eax], 00000000h
                                        mov dword ptr [eax+04h], 00000000h
                                        ret
                                        push esi
                                        push edi
                                        mov esi, ecx
                                        call dword ptr [0000D518h]
                                        Programming Language:
                                        • [ C ] VS2003 (.NET) build 3077
                                        • [C++] VS2003 (.NET) build 3077
                                        • [RES] VS2003 (.NET) build 3077
                                        • [LNK] VS2003 (.NET) build 3077
                                        NameVirtual AddressVirtual Size Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x152e180x118.rdata
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x2280000x1746d4.rsrc
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IAT0x13d0000x598.rdata
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                        .text0x10000x13bc900x13c000a098c7e84ad5a36a04535e1c3b73e500False0.5445657078223892data6.741499573740984IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                        .rdata0x13d0000x17c840x180007985ce6b5d14c95b3d11911cc6832e60False0.5450439453125data6.199908013459288IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .data0x1550000xd29080xe00033ed2020b692083bf67c882b0e6ea252False0.7456926618303571data7.206453493549018IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                        .rsrc0x2280000x1746d40x1750003e062f5cbd5a798a4443f079e014553cFalse0.4497921204758713data6.806991139917929IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                        RT_CURSOR0x229a4c0x134dataEnglishUnited States0.275974025974026
                                        RT_CURSOR0x229b800xb4dataEnglishUnited States0.6444444444444445
                                        RT_CURSOR0x229c340x134Targa image data - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.39935064935064934
                                        RT_CURSOR0x229d680xb4Targa image data - RLE 32 x 65536 x 1 +16 "\001"EnglishUnited States0.8944444444444445
                                        RT_CURSOR0x229e1c0x134dataEnglishUnited States0.12012987012987013
                                        RT_ICON0x229f500x668Device independent bitmap graphic, 48 x 96 x 4, image size 1152EnglishUnited States0.3225609756097561
                                        RT_ICON0x22a5b80x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512EnglishUnited States0.43951612903225806
                                        RT_ICON0x22a8a00x1e8Device independent bitmap graphic, 24 x 48 x 4, image size 288EnglishUnited States0.4016393442622951
                                        RT_ICON0x22aa880x128Device independent bitmap graphic, 16 x 32 x 4, image size 128EnglishUnited States0.4831081081081081
                                        RT_ICON0x22abb00x35e0PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9907192575406032
                                        RT_ICON0x22e1900xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsEnglishUnited States0.4584221748400853
                                        RT_ICON0x22f0380x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States0.47382671480144406
                                        RT_ICON0x22f8e00x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsEnglishUnited States0.45564516129032256
                                        RT_ICON0x22ffa80x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishUnited States0.3504335260115607
                                        RT_ICON0x2305100x668Device independent bitmap graphic, 48 x 96 x 4, image size 0EnglishUnited States0.1774390243902439
                                        RT_ICON0x230b780x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishUnited States0.26344086021505375
                                        RT_ICON0x230e600x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishUnited States0.46621621621621623
                                        RT_ICON0x230f880xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishUnited States0.5335820895522388
                                        RT_ICON0x231e300x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishUnited States0.5478339350180506
                                        RT_ICON0x2326d80x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishUnited States0.41401734104046245
                                        RT_ICON0x232c400x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.34865145228215766
                                        RT_ICON0x2351e80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.36538461538461536
                                        RT_ICON0x2362900x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.6462765957446809
                                        RT_ICON0x2366f80x668Device independent bitmap graphic, 48 x 96 x 4, image size 0EnglishUnited States0.27987804878048783
                                        RT_ICON0x236d600x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishUnited States0.40860215053763443
                                        RT_ICON0x2370480x1e8Device independent bitmap graphic, 24 x 48 x 4, image size 0EnglishUnited States0.47540983606557374
                                        RT_ICON0x2372300x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishUnited States0.5506756756756757
                                        RT_ICON0x2373580xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishUnited States0.4650852878464819
                                        RT_ICON0x2382000x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishUnited States0.677797833935018
                                        RT_ICON0x238aa80x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 0EnglishUnited States0.7534562211981567
                                        RT_ICON0x2391700x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishUnited States0.8034682080924855
                                        RT_ICON0x2396d80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.32676348547717843
                                        RT_ICON0x23bc800x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.4547373358348968
                                        RT_ICON0x23cd280x988Device independent bitmap graphic, 24 x 48 x 32, image size 0EnglishUnited States0.5823770491803278
                                        RT_ICON0x23d6b00x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.600177304964539
                                        RT_ICON0x23db180x10828Device independent bitmap graphic, 128 x 256 x 32, image size 67584EnglishUnited States0.07868508221933042
                                        RT_ICON0x24e3400x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 38016EnglishUnited States0.15114568005045195
                                        RT_ICON0x2577e80x67e8Device independent bitmap graphic, 80 x 160 x 32, image size 26560EnglishUnited States0.1543233082706767
                                        RT_ICON0x25dfd00x5488Device independent bitmap graphic, 72 x 144 x 32, image size 21600EnglishUnited States0.175184842883549
                                        RT_ICON0x2634580x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16896EnglishUnited States0.15948275862068967
                                        RT_ICON0x2676800x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.24107883817427386
                                        RT_ICON0x269c280x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.2678236397748593
                                        RT_ICON0x26acd00x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.37459016393442623
                                        RT_ICON0x26b6580x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.42819148936170215
                                        RT_ICON0x26bac00x668Device independent bitmap graphic, 48 x 96 x 4, image size 11520.3225609756097561
                                        RT_ICON0x26c1280x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 5120.43951612903225806
                                        RT_ICON0x26c4100x1e8Device independent bitmap graphic, 24 x 48 x 4, image size 2880.4016393442622951
                                        RT_ICON0x26c5f80x128Device independent bitmap graphic, 16 x 32 x 4, image size 1280.4831081081081081
                                        RT_ICON0x26c7200x35e0PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9907192575406032
                                        RT_ICON0x26fd000xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors0.4584221748400853
                                        RT_ICON0x270ba80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors0.47382671480144406
                                        RT_ICON0x2714500x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors0.45564516129032256
                                        RT_ICON0x271b180x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors0.3504335260115607
                                        RT_ICON0x2720800x10828Device independent bitmap graphic, 128 x 256 x 32, image size 675840.07868508221933042
                                        RT_ICON0x2828a80x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 380160.15114568005045195
                                        RT_ICON0x28bd500x67e8Device independent bitmap graphic, 80 x 160 x 32, image size 265600.1543233082706767
                                        RT_ICON0x2925380x5488Device independent bitmap graphic, 72 x 144 x 32, image size 216000.175184842883549
                                        RT_ICON0x2979c00x4228Device independent bitmap graphic, 64 x 128 x 32, image size 168960.15948275862068967
                                        RT_ICON0x29bbe80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 96000.24107883817427386
                                        RT_ICON0x29e1900x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 42240.2678236397748593
                                        RT_ICON0x29f2380x988Device independent bitmap graphic, 24 x 48 x 32, image size 24000.37459016393442623
                                        RT_ICON0x29fbc00x468Device independent bitmap graphic, 16 x 32 x 32, image size 10880.42819148936170215
                                        RT_MENU0x2a00280x280dataChineseTaiwan0.55
                                        RT_MENU0x2a02a80x350dataGermanGermany0.46226415094339623
                                        RT_MENU0x2a05f80x2f2dataEnglishUnited States0.46419098143236076
                                        RT_MENU0x2a08ec0x34cdataFrenchFrance0.45260663507109006
                                        RT_MENU0x2a0c380x356dataItalianItaly0.4601873536299766
                                        RT_MENU0x2a0f900x2c0dataJapaneseJapan0.5539772727272727
                                        RT_MENU0x2a12500x2c4dataKoreanNorth Korea0.5706214689265536
                                        RT_MENU0x2a12500x2c4dataKoreanSouth Korea0.5706214689265536
                                        RT_MENU0x2a15140x286dataChineseChina0.5479876160990712
                                        RT_MENU0x2a179c0x336data0.46228710462287104
                                        RT_MENU0x2a1ad40x116dataChineseTaiwan0.7086330935251799
                                        RT_MENU0x2a1bec0x20adataGermanGermany0.5268199233716475
                                        RT_MENU0x2a1df80x1d2dataEnglishUnited States0.5343347639484979
                                        RT_MENU0x2a1fcc0x220dataFrenchFrance0.5055147058823529
                                        RT_MENU0x2a21ec0x1fedataItalianItaly0.515686274509804
                                        RT_MENU0x2a23ec0x146dataJapaneseJapan0.7239263803680982
                                        RT_MENU0x2a25340x144dataKoreanNorth Korea0.7253086419753086
                                        RT_MENU0x2a25340x144dataKoreanSouth Korea0.7253086419753086
                                        RT_MENU0x2a26780x12edataChineseChina0.7019867549668874
                                        RT_MENU0x2a27a80x1f4data0.536
                                        RT_MENU0x2a299c0x6adataChineseTaiwan0.7452830188679245
                                        RT_MENU0x2a2a080x9cdataGermanGermany0.7115384615384616
                                        RT_MENU0x2a2aa40x70dataEnglishUnited States0.75
                                        RT_MENU0x2a2b140x90dataFrenchFrance0.6805555555555556
                                        RT_MENU0x2a2ba40x88dataItalianItaly0.7205882352941176
                                        RT_MENU0x2a2c2c0x78dataJapaneseJapan0.75
                                        RT_MENU0x2a2ca40x78dataKoreanNorth Korea0.7833333333333333
                                        RT_MENU0x2a2ca40x78dataKoreanSouth Korea0.7833333333333333
                                        RT_MENU0x2a2d1c0x6adataChineseChina0.7452830188679245
                                        RT_MENU0x2a2d880x8cdata0.6857142857142857
                                        RT_MENU0x2a2e140x22dataChineseTaiwan1.1764705882352942
                                        RT_MENU0x2a2e380x4adataGermanGermany0.8378378378378378
                                        RT_MENU0x2a2e840x34dataEnglishUnited States1.0
                                        RT_MENU0x2a2eb80x3edataFrenchFrance0.9193548387096774
                                        RT_MENU0x2a2ef80x42dataItalianItaly0.9545454545454546
                                        RT_MENU0x2a2f3c0x28dataJapaneseJapan1.125
                                        RT_MENU0x2a2f640x24dataKoreanNorth Korea1.1944444444444444
                                        RT_MENU0x2a2f640x24dataKoreanSouth Korea1.1944444444444444
                                        RT_MENU0x2a2f880x22dataChineseChina1.1764705882352942
                                        RT_MENU0x2a2fac0x3cdata1.0166666666666666
                                        RT_DIALOG0x2a2fe80x1a6dataChineseTaiwan0.5284360189573459
                                        RT_DIALOG0x2a31900x1a6dataGermanGermany0.523696682464455
                                        RT_DIALOG0x2a33380x1a6dataEnglishUnited States0.523696682464455
                                        RT_DIALOG0x2a34e00x1a6dataFrenchFrance0.523696682464455
                                        RT_DIALOG0x2a36880x1a6dataItalianItaly0.523696682464455
                                        RT_DIALOG0x2a38300x19edataJapaneseJapan0.538647342995169
                                        RT_DIALOG0x2a39d00x1a6dataKoreanNorth Korea0.5284360189573459
                                        RT_DIALOG0x2a39d00x1a6dataKoreanSouth Korea0.5284360189573459
                                        RT_DIALOG0x2a3b780x1a6dataChineseChina0.5260663507109005
                                        RT_DIALOG0x2a3d200x1aedata0.5302325581395348
                                        RT_DIALOG0x2a3ed00x140dataChineseTaiwan0.70625
                                        RT_DIALOG0x2a40100x1d8dataGermanGermany0.5614406779661016
                                        RT_DIALOG0x2a41e80x1cadataEnglishUnited States0.5633187772925764
                                        RT_DIALOG0x2a43b40x1bcdataFrenchFrance0.5968468468468469
                                        RT_DIALOG0x2a45700x18cdataItalianItaly0.6035353535353535
                                        RT_DIALOG0x2a46fc0x162dataJapaneseJapan0.7457627118644068
                                        RT_DIALOG0x2a48600x144dataKoreanNorth Korea0.7376543209876543
                                        RT_DIALOG0x2a48600x144dataKoreanSouth Korea0.7376543209876543
                                        RT_DIALOG0x2a49a40x138dataChineseChina0.6987179487179487
                                        RT_DIALOG0x2a4adc0x1cedata0.5757575757575758
                                        RT_DIALOG0x2a4cac0x2cadataChineseTaiwan0.5714285714285714
                                        RT_DIALOG0x2a4f780x4cedataGermanGermany0.4056910569105691
                                        RT_DIALOG0x2a54480x448dataEnglishUnited States0.39507299270072993
                                        RT_DIALOG0x2a58900x4f8dataFrenchFrance0.3977987421383648
                                        RT_DIALOG0x2a5d880x49cdataItalianItaly0.38813559322033897
                                        RT_DIALOG0x2a62240x34edataJapaneseJapan0.5721040189125296
                                        RT_DIALOG0x2a65740x32edataKoreanNorth Korea0.5675675675675675
                                        RT_DIALOG0x2a65740x32edataKoreanSouth Korea0.5675675675675675
                                        RT_DIALOG0x2a68a40x2c2dataChineseChina0.5722379603399433
                                        RT_DIALOG0x2a6b680x48edata0.3936535162950257
                                        RT_STRING0x2a6ff80xeedataChineseTaiwan0.5378151260504201
                                        RT_STRING0x2a70e80x10adataGermanGermany0.5225563909774437
                                        RT_STRING0x2a71f40x104dataEnglishUnited States0.5076923076923077
                                        RT_STRING0x2a72f80x116dataFrenchFrance0.5215827338129496
                                        RT_STRING0x2a74100x10cdataItalianItaly0.5111940298507462
                                        RT_STRING0x2a751c0xfcdataJapaneseJapan0.5674603174603174
                                        RT_STRING0x2a76180xf0dataKoreanNorth Korea0.5625
                                        RT_STRING0x2a76180xf0dataKoreanSouth Korea0.5625
                                        RT_STRING0x2a77080xeedataChineseChina0.542016806722689
                                        RT_STRING0x2a77f80x116data0.5179856115107914
                                        RT_STRING0x2a79100xdeMatlab v4 mat-file (little endian) Gr-N\011g, numeric, rows 0, columns 0ChineseTaiwan0.6891891891891891
                                        RT_STRING0x2a79f00x204Matlab v4 mat-file (little endian) a, numeric, rows 0, columns 0GermanGermany0.4573643410852713
                                        RT_STRING0x2a7bf40x1aaMatlab v4 mat-file (little endian) , numeric, rows 0, columns 0EnglishUnited States0.4624413145539906
                                        RT_STRING0x2a7da00x20aMatlab v4 mat-file (little endian) n, numeric, rows 0, columns 0FrenchFrance0.4521072796934866
                                        RT_STRING0x2a7fac0x1acMatlab v4 mat-file (little endian) n, numeric, rows 0, columns 0ItalianItaly0.4532710280373832
                                        RT_STRING0x2a81580x116Matlab v4 mat-file (little endian) \3740\3230\3740\205Qn0\2710\2570\3520\3270\3100L0\237S\340Vg0 , numeric, rows 0, columns 0JapaneseJapan0.6438848920863309
                                        RT_STRING0x2a82700x100Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0KoreanNorth Korea0.796875
                                        RT_STRING0x2a82700x100Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0KoreanSouth Korea0.796875
                                        RT_STRING0x2a83700xe0Matlab v4 mat-file (little endian) Gr-N\204v\320g*N\032\201,g\374[\364\201 , numeric, rows 0, columns 0ChineseChina0.6696428571428571
                                        RT_STRING0x2a84500x1a8Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 00.5070754716981132
                                        RT_STRING0x2a85f80x56Matlab v4 mat-file (little endian) \326S\201\211, numeric, rows 0, columns 0ChineseTaiwan0.5348837209302325
                                        RT_STRING0x2a86500x110Matlab v4 mat-file (little endian) \344, numeric, rows 0, columns 0GermanGermany0.41544117647058826
                                        RT_STRING0x2a87600xcaMatlab v4 mat-file (little endian) e, numeric, rows 0, columns 0EnglishUnited States0.45544554455445546
                                        RT_STRING0x2a882c0x106Matlab v4 mat-file (little endian) h, numeric, rows 0, columns 0FrenchFrance0.44274809160305345
                                        RT_STRING0x2a89340xfaMatlab v4 mat-file (little endian) e, numeric, rows 0, columns 0ItalianItaly0.384
                                        RT_STRING0x2a8a300x8eMatlab v4 mat-file (little endian) \2420\3030\3270\3550\3740\3110Y0\2130\3250\2410\2440\3530\2220x\220\236bW0~0Y0 , numeric, rows 0, columns 0JapaneseJapan0.5
                                        RT_STRING0x2a8ac00x7cdataKoreanNorth Korea0.6290322580645161
                                        RT_STRING0x2a8ac00x7cdataKoreanSouth Korea0.6290322580645161
                                        RT_STRING0x2a8b3c0x5cMatlab v4 mat-file (little endian) \351b\201\211, numeric, rows 0, columns 0ChineseChina0.4891304347826087
                                        RT_STRING0x2a8b980x138Matlab v4 mat-file (little endian) e, numeric, rows 0, columns 00.4166666666666667
                                        RT_STRING0x2a8cd00x52dataChineseTaiwan0.8536585365853658
                                        RT_STRING0x2a8d240xaadataGermanGermany0.6
                                        RT_STRING0x2a8dd00x98dataEnglishUnited States0.6052631578947368
                                        RT_STRING0x2a8e680xd6dataFrenchFrance0.5373831775700935
                                        RT_STRING0x2a8f400xaadataItalianItaly0.5764705882352941
                                        RT_STRING0x2a8fec0x70dataJapaneseJapan0.7857142857142857
                                        RT_STRING0x2a905c0x58dataKoreanNorth Korea0.8977272727272727
                                        RT_STRING0x2a905c0x58dataKoreanSouth Korea0.8977272727272727
                                        RT_STRING0x2a90b40x52dataChineseChina0.8048780487804879
                                        RT_STRING0x2a91080xc8data0.54
                                        RT_ACCELERATOR0x2a91d00x80dataEnglishUnited States0.6875
                                        RT_GROUP_CURSOR0x2a92500x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0294117647058822
                                        RT_GROUP_CURSOR0x2a92740x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0
                                        RT_GROUP_CURSOR0x2a92980x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                        RT_GROUP_ICON0x2a92ac0x126data0.5544217687074829
                                        RT_GROUP_ICON0x2a93d40x102dataEnglishUnited States0.6046511627906976
                                        RT_GROUP_ICON0x2a94d80xaedataEnglishUnited States0.6206896551724138
                                        RT_GROUP_ICON0x2a95880x84dataEnglishUnited States0.6363636363636364
                                        RT_VERSION0x2a960c0x3c4dataEnglishUnited States0.4221991701244813
                                        RT_DLGINCLUDE0x2a99d00x6dc36PC bitmap, Windows 3.x format, 56884 x 2 x 53, image size 450526, cbSize 449590, bits offset 540.6995484775017238
                                        RT_ANIICON0x3176080xe52ePC bitmap, Windows 3.x format, 7462 x 2 x 45, image size 58788, cbSize 58670, bits offset 540.3828532469746037
                                        RT_ANIICON0x325b380xadb5PC bitmap, Windows 3.x format, 6091 x 2 x 54, image size 44877, cbSize 44469, bits offset 540.3292181069958848
                                        RT_ANIICON0x3308f00xc408PC bitmap, Windows 3.x format, 6487 x 2 x 36, image size 50833, cbSize 50184, bits offset 540.3397895743663319
                                        RT_ANIICON0x33ccf80x3251cPC bitmap, Windows 3.x format, 26260 x 2 x 36, image size 206180, cbSize 206108, bits offset 540.4970597938944631
                                        RT_ANIICON0x36f2140x2d4bfPC bitmap, Windows 3.x format, 23999 x 2 x 52, image size 185728, cbSize 185535, bits offset 540.4973832430538712
                                        DLLImport
                                        WSOCK32.dllsetsockopt, gethostbyname, htonl, ioctlsocket, htons, WSAStartup, ntohl, WSACleanup
                                        WININET.dllHttpQueryInfoA
                                        CRYPT32.dllCertFreeCertificateContext, CertVerifySubjectCertificateContext, CertFindCertificateInStore, CertCreateCertificateContext, CryptGetMessageCertificates, CryptVerifyMessageSignature, CertCloseStore
                                        VERSION.dllGetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
                                        WINMM.dllwaveInStop, waveInAddBuffer, waveInStart, waveInGetNumDevs, waveOutGetNumDevs, waveInClose, waveOutGetDevCapsA, waveOutPrepareHeader, waveOutWrite, waveOutReset, waveOutUnprepareHeader, waveInReset, waveInUnprepareHeader, waveInPrepareHeader, waveInOpen, waveInGetDevCapsA, timeGetTime, waveOutClose, waveOutOpen, timeKillEvent, timeSetEvent, timeGetDevCaps, timeBeginPeriod, timeEndPeriod
                                        KERNEL32.dllGetSystemInfo, GetUserDefaultLangID, ExitThread, GlobalFree, GetFileAttributesA, GetFileAttributesW, LockResource, LoadResource, FindResourceExA, FindResourceExW, GlobalAlloc, CreateThread, GetTimeZoneInformation, GetSystemTime, SystemTimeToFileTime, DeleteFileA, DeleteFileW, MoveFileA, VirtualQuery, RemoveDirectoryA, RemoveDirectoryW, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, ReadFile, WriteFile, GetTempFileNameA, GetTempPathA, GetTempFileNameW, GetTempPathW, SetFilePointer, GetFileSize, GetFileAttributesExA, GetFileAttributesExW, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindClose, GetSystemDirectoryA, GetModuleFileNameA, MoveFileExA, CreateMutexA, ReleaseMutex, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, WaitForSingleObject, WideCharToMultiByte, GlobalUnlock, GlobalLock, IsDBCSLeadByteEx, lstrlenA, SetEndOfFile, CopyFileA, CopyFileW, GetModuleFileNameW, GetCommandLineW, ExitProcess, GetModuleHandleA, GetCommandLineA, GetProcessTimes, GetCurrentProcess, CreateEventA, SetEvent, TlsAlloc, SetThreadPriority, InterlockedIncrement, InterlockedDecrement, ResetEvent, WaitForMultipleObjects, VirtualFree, VirtualAlloc, GetThreadPriority, GetCurrentThread, GetSystemDefaultLangID, FreeLibrary, GetLastError, GetStartupInfoA, CreateProcessA, CloseHandle, LCMapStringW, LCMapStringA, GetTickCount, GetCurrentThreadId, GetLocaleInfoA, SetErrorMode, LoadLibraryA, GetProcAddress, QueryPerformanceCounter, QueryPerformanceFrequency, IsDBCSLeadByte, GetACP, GetCPInfo, MultiByteToWideChar, GetVersionExA, InterlockedExchange, InterlockedCompareExchange, Sleep, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, HeapAlloc, GetProcessHeap, MoveFileW, HeapFree
                                        USER32.dllGetSubMenu, LoadMenuA, SetTimer, KillTimer, GetClientRect, ScreenToClient, GetCursorPos, SetCursor, LoadCursorA, EndPaint, BeginPaint, GetMenu, DestroyWindow, GetFocus, WindowFromPoint, GetCapture, ReleaseCapture, SetCapture, TrackPopupMenu, ClientToScreen, DeleteMenu, GetMenuItemID, IsWindow, DefWindowProcA, GetWindowLongA, CreateWindowExA, RegisterClipboardFormatA, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, SetClipboardData, EmptyClipboard, InsertMenuA, InsertMenuW, RemoveMenu, GetWindow, UnregisterClassA, LoadStringW, MoveWindow, SetMenu, UpdateWindow, ShowWindow, SetDlgItemTextA, SetDlgItemTextW, EnableWindow, GetDlgItemTextA, GetWindowTextLengthA, DestroyMenu, GetWindowTextLengthW, PostQuitMessage, GetMenuStringA, GetMenuStringW, RegisterClassA, DispatchMessageA, TranslateMessage, TranslateAcceleratorA, GetMessageA, LoadAcceleratorsA, PostThreadMessageA, GetQueueStatus, PeekMessageA, MsgWaitForMultipleObjects, RegisterWindowMessageA, SystemParametersInfoA, DialogBoxIndirectParamW, DialogBoxIndirectParamA, PostMessageA, EndDialog, SetWindowLongA, GetParent, GetWindowRect, GetDesktopWindow, SetWindowPos, LoadIconA, GetDlgItem, SendMessageA, SetWindowTextA, SetFocus, GetMenuItemCount, GetMenuItemInfoA, GetSystemMetrics, InsertMenuItemA, DdeInitializeA, DdeCreateStringHandleA, DdeConnect, DdeClientTransaction, DdeDisconnect, DdeFreeStringHandle, DdeUninitialize, SendInput, GetKeyboardLayout, GetDC, ReleaseDC, GetDoubleClickTime, LoadStringA, EnableMenuItem, CheckMenuItem, InvalidateRect, WaitForInputIdle, MapVirtualKeyA, FillRect, GetKeyState, DialogBoxParamW, DialogBoxParamA, GetDlgItemTextW, MessageBoxA
                                        GDI32.dllGetTextMetricsA, GetClipRgn, SetTextColor, ExtTextOutW, ExtTextOutA, CreateRectRgn, GetTextAlign, GetBkMode, GetTextColor, EnumFontFamiliesA, SetTextCharacterExtra, BeginPath, EndPage, DPtoLP, FillPath, ExtCreatePen, StrokePath, EndDoc, StartDocA, LPtoDP, CreateSolidBrush, GetClipBox, GetSystemPaletteEntries, CreatePalette, GetTextExtentPoint32A, CreatePen, GetBkColor, SetBkColor, GetCurrentObject, GetTextExtentPoint32W, EndPath, SetPolyFillMode, MoveToEx, LineTo, PolyBezierTo, SelectClipPath, SaveDC, RestoreDC, GdiFlush, DeleteObject, SelectObject, StretchDIBits, SetDIBitsToDevice, CreateCompatibleBitmap, GetObjectA, CreateCompatibleDC, DeleteDC, CreateDIBSection, GetDeviceCaps, BitBlt, RealizePalette, SelectPalette, GetStockObject, CreateFontIndirectA, SetBkMode, SetTextAlign, IntersectClipRect, SelectClipRgn, StartPage
                                        comdlg32.dllGetOpenFileNameA, PrintDlgA, GetOpenFileNameW, GetSaveFileNameW, CommDlgExtendedError, GetSaveFileNameA
                                        ADVAPI32.dllRegCloseKey, RegQueryValueExA, RegOpenKeyExA, RegQueryValueExW, RegOpenKeyExW, RegSetValueExA, RegCreateKeyA, RegSetValueA
                                        SHELL32.dllDragQueryFileA, DragAcceptFiles, SHBrowseForFolderA, SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHAppBarMessage, DragQueryFileW
                                        ole32.dllCoTaskMemAlloc, CoFreeUnusedLibraries, CoInitialize, CoUninitialize, CoCreateInstance, CoTaskMemFree
                                        Language of compilation systemCountry where language is spokenMap
                                        EnglishUnited States
                                        ChineseTaiwan
                                        GermanGermany
                                        FrenchFrance
                                        ItalianItaly
                                        JapaneseJapan
                                        KoreanNorth Korea
                                        KoreanSouth Korea
                                        ChineseChina
                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                        2024-12-04T14:53:08.085738+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert1104.37.175.2217575192.168.2.749740TCP
                                        TimestampSource PortDest PortSource IPDest IP
                                        Dec 4, 2024 14:53:06.685841084 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:06.805716038 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:06.805794001 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:06.805974960 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:06.925818920 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:07.963340044 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:07.965920925 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:08.085737944 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.318365097 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.327508926 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:08.447418928 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.699281931 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.699299097 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.699326038 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.699352980 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:08.699708939 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.699727058 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.699739933 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.699773073 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:08.699791908 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:08.699873924 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.700809002 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.700822115 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.700869083 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:08.707529068 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.707590103 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:08.710576057 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.710647106 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.710877895 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:08.819202900 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.819283009 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.819334030 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:08.891446114 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.891582966 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.891719103 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:08.895209074 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.895348072 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.895404100 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:08.901180983 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.901288033 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.901416063 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:08.908853054 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.908943892 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.909265995 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:08.916618109 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.916709900 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.916758060 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:08.924226999 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.924324036 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.924369097 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:08.931993008 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.932077885 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.932259083 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:08.939582109 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.939747095 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.940052032 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:08.947257042 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.947377920 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.947526932 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:08.954992056 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.955180883 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.955245018 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:08.961956978 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.962064981 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.962105036 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:08.968972921 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.969126940 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:08.969301939 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:08.975899935 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.028815985 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.083446980 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.083590031 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.083791971 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.084755898 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.084949970 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.085001945 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.089309931 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.089445114 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.089493036 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.093969107 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.094122887 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.094166040 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.098444939 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.098577023 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.098620892 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.102813959 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.102953911 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.103045940 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.107884884 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.108102083 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.108148098 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.111546993 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.111680031 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.111723900 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.115928888 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.116051912 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.116099119 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.120353937 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.120501995 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.120548010 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.124670982 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.124794006 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.124838114 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.129085064 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.129220963 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.129300117 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.133423090 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.133662939 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.133706093 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.137732029 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.137959957 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.138010025 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.142147064 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.142281055 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.142328024 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.146534920 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.146648884 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.146697044 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.150906086 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.151067019 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.151418924 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.155284882 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.155432940 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.155527115 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.159704924 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.159816980 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.159859896 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.164148092 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.164290905 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.164350986 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.168659925 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.168749094 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.168804884 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.172976971 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.173103094 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.173245907 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.177256107 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.177371979 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.177623034 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.181560040 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.181817055 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.181873083 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.185906887 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.231952906 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.314006090 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.314189911 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.314243078 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.315419912 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.315578938 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.315665960 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.318440914 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.318595886 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.318636894 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.321417093 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.321532011 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.321583986 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.324372053 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.324500084 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.324542999 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.327363014 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.327550888 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.327595949 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.330408096 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.330560923 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.330637932 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.333403111 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.333503008 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.333545923 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.336417913 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.336607933 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.336647987 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.339425087 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.339580059 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.339685917 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.342405081 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.342524052 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.342561007 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.345433950 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.345551014 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.345602989 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.348423004 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.348540068 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.348603964 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.351432085 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.351574898 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.351622105 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.354513884 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.354660988 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.354705095 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.357399940 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.357522964 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.357614994 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.360429049 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.360687017 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.360734940 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.363365889 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.363497019 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.363542080 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.366391897 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.366530895 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.366586924 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.369431973 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.369579077 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.369625092 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.372524023 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.372644901 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.372684956 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.375372887 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.375494957 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.375816107 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.378300905 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.378443003 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.378489971 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.381431103 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.381567955 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.381616116 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.384479046 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.384602070 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.384906054 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.387372017 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.387482882 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.387682915 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.390382051 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.390495062 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.390578985 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.393356085 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.393481016 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.393631935 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.396476984 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.396569014 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.396611929 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.399311066 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.399424076 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.399476051 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.402431965 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.402584076 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.402657032 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.405370951 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.405635118 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.405689955 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.408349991 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.450690985 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.505949020 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.506045103 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.506093025 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.507281065 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.507447004 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.507498980 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.510793924 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.511017084 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.511056900 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.513788939 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.513968945 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.514060974 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.517394066 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.517539024 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.517584085 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.520536900 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.520682096 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.520728111 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.522941113 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.523037910 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.523135900 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.525388002 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.525532961 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.525614977 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.527997971 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.528148890 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.528347969 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.529969931 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.530052900 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.530093908 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.531910896 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.531985044 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.532028913 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.533864975 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.534120083 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.534168959 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.535759926 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.535939932 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.535998106 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.538247108 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.538386106 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.538448095 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.540597916 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.540695906 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.540745020 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.543035030 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.543140888 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.543216944 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.545448065 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.545555115 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.545885086 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.547868967 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.547998905 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.548034906 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.550476074 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.550563097 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.550621033 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.552546024 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.552681923 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.555088043 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.555094957 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.555219889 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.556189060 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.557352066 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.557513952 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.557563066 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.559750080 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.559869051 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.559917927 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.562139988 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.562283039 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.562328100 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.564568996 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.564692020 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.564860106 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.566989899 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.567095041 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.567434072 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.569364071 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.569572926 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.569758892 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.571727991 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.571912050 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.571953058 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.574151039 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.574242115 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.574330091 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.576531887 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.576637983 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.576674938 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.578965902 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.579107046 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.579149961 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.581350088 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.581490040 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.581536055 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.583729982 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.583894014 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.583934069 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.586128950 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.586229086 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.586375952 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.588506937 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.588641882 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.588690042 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.591023922 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.591156006 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.591245890 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.593384981 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.593480110 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.593516111 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.595760107 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.595866919 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.595967054 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.598067999 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.598203897 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.598242998 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.600672007 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.600898027 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.600929976 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.603087902 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.603104115 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.603178978 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.605293989 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.605421066 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.605458975 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.607650042 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.607785940 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.607819080 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.610054016 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.610173941 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.610219955 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.612443924 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.612596035 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.612674952 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.614895105 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.614989042 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.615025997 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.617290974 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.617458105 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.617500067 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.619632006 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.619770050 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.619813919 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.622071028 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.622298002 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.622344017 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.624471903 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.624630928 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.624695063 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.626851082 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.626970053 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.627024889 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.629281044 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.629375935 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.629436016 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.631658077 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.631731987 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.631944895 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.697864056 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.697969913 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.698116064 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.698921919 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.699048042 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.699142933 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.700758934 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.701559067 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.701610088 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.701750994 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.703478098 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.703560114 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.703615904 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.705495119 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.705543995 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.705640078 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.707367897 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.707416058 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.707473040 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.709214926 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.709254980 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.709337950 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.711204052 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.711322069 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.711374998 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.712933064 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.712985039 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.713076115 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.714875937 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.714924097 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.715003967 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.716501951 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.716599941 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.716622114 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.718281031 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.718324900 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.718386889 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.720176935 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.720242977 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.720320940 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.721777916 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.721880913 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.721890926 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.723510027 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.723556995 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.723642111 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.725137949 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.725187063 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.725307941 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.726852894 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.727025032 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.727080107 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.728473902 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.728534937 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.728596926 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.730170012 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.730305910 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.730366945 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.731786013 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.731914997 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.732001066 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.733438969 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.733481884 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.733601093 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.735037088 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.735116959 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.735153913 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.736722946 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.736800909 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.736840963 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.738301039 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.738344908 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.738389015 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.739948988 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.740025997 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.740034103 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.741410971 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.741457939 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.741628885 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.743005037 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.743057966 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.743139982 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.744446039 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.744488955 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.744564056 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.746000051 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.746066093 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.746136904 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.747503996 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.747570038 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.747639894 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.749047041 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.749212980 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.749245882 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.750603914 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.750647068 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.750709057 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.752067089 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.752120972 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.752192020 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.753576994 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.753627062 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.753701925 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.755132914 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.755178928 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.755239964 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.755861044 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.755903959 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.756011009 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.756767035 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.756814003 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.756885052 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.757581949 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.757654905 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.757749081 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.758457899 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.758491993 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.758555889 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.759327888 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.759401083 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.759437084 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.760121107 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.760165930 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.760279894 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.761049986 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.761092901 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.761125088 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.761965990 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.762104034 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.762131929 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.762618065 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.762656927 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.762775898 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.763523102 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.763572931 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.763679981 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.764358044 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.764404058 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.764466047 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.765197992 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.765238047 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.765328884 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.765993118 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.766129017 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.766159058 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.766868114 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.766911983 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.767047882 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.767771959 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.767811060 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.767896891 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.768568039 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.768611908 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.768723965 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.769457102 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.769505978 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.769581079 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.770283937 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.770328999 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.770422935 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.825712919 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.890155077 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.890299082 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.890383959 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.890511036 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.890711069 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.891349077 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.891410112 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.891463995 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.891505957 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.892390966 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.892499924 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.893034935 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.893085003 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.893168926 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.893217087 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.893872976 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.894011974 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.894067049 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.894721985 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.894861937 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.895625114 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.895684004 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.895745039 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.895798922 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.896512985 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.896730900 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.897120953 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.897372007 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.897515059 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.898142099 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.898194075 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.898253918 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.898303986 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.898957014 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.899107933 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.899183035 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.899818897 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.899965048 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.900207996 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.900651932 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.900827885 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.900964975 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.901479006 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.901626110 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.901685953 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.902333975 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.902484894 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.902529955 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.903203011 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.903310061 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.903453112 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.904077053 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.904217958 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.904263973 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.904898882 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.905041933 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.905270100 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.905785084 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.905967951 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.906014919 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.906579018 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.906707048 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.906827927 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.907455921 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.907586098 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.907708883 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.908272982 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.908461094 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.909102917 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.909151077 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.909265995 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.909971952 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.910022020 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.910106897 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.910154104 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.910803080 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.910926104 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.911070108 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.911657095 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.911788940 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.912504911 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.912554979 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.912657976 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.912719965 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.913372993 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.913496971 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.913554907 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.914176941 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.914330959 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.915011883 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.915090084 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.915210009 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.915873051 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.915920019 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.916013002 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.916114092 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.916712999 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.916857004 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.916937113 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.917562962 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.917727947 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.917771101 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.918409109 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.918561935 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.918631077 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.919228077 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.919436932 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.919490099 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.920118093 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.920247078 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.920291901 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.920977116 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.921144962 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.921185017 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.921801090 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.921936989 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.921984911 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.922668934 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.922811031 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.922914028 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.923496962 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.923641920 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.924401999 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.924453974 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.924524069 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.924561024 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.925190926 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.925363064 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.925404072 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.926047087 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.926194906 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.926296949 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.926911116 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.927043915 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.927166939 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.927894115 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.928023100 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.928076982 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.928674936 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.928776026 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.928936958 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.929433107 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.929550886 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.929974079 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.930342913 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.930391073 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.930435896 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.931138039 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.931288004 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.931397915 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.931967974 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.932117939 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.932171106 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.932826996 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.932974100 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.933051109 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.933660030 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.933803082 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.933856010 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:09.934478998 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:09.981957912 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.082159042 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.082242966 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.082354069 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.082561970 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.082758904 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.083352089 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.083422899 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.083565950 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.084126949 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.084253073 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.084398031 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.084758997 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.085122108 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.085273027 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.085313082 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.085983038 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.086117983 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.086306095 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.086785078 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.086981058 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.087038994 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.087665081 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.087862015 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.087920904 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.088489056 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.088630915 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.088742018 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.089337111 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.089488983 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.089951038 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.090269089 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.090480089 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.090671062 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.091119051 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.091285944 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.091445923 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.091872931 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.092010021 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.092061043 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.092772007 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.092926025 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.092972994 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.093673944 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.093863010 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.093923092 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.094842911 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.094981909 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.095510960 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.095601082 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.095858097 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.096121073 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.096441984 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.096596956 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.096642971 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.097450972 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.097605944 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.097649097 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.098159075 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.098253965 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.098391056 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.098812103 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.098972082 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.099029064 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.099530935 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.099637032 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.100424051 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.100472927 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.100501060 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.100541115 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.101452112 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.101581097 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.101627111 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.102037907 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.102176905 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.102273941 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.102885008 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.103060961 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.103173971 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.103733063 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.103890896 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.104007006 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.104597092 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.104716063 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.104908943 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.105520010 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.105658054 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.105705023 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.106271029 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.106416941 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.106996059 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.107105017 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.107281923 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.107330084 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.107997894 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.108093977 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.108170986 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.108802080 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.108932972 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.108977079 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.109643936 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.109803915 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.109846115 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.110500097 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.110642910 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.110765934 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.111351967 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.111488104 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.111534119 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.112231970 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.112366915 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.112744093 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.113024950 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.113197088 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.113246918 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.113876104 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.114022017 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.114063978 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.114737034 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.114887953 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.114922047 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.115638018 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.115751982 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.115864992 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.116436958 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.116559029 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.116604090 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.117275953 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.117403984 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.117496014 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.118150949 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.118267059 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.118372917 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.119031906 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.119153976 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.119199038 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.119832993 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.119951963 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.119997025 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.120695114 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.120841980 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.120913982 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.121539116 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.121675968 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.121720076 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.122354984 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.122490883 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.123281002 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.123358011 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.123416901 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.124032974 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.124082088 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.124197006 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.124237061 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.125015020 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.125142097 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.125332117 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.125747919 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.125871897 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.125988007 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.126595974 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.169488907 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.280961990 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.281204939 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.281454086 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.281487942 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.281729937 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.282098055 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.282185078 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.282350063 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.282870054 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.283036947 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.283299923 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.283421993 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.283556938 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.284121990 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.284265995 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.284280062 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.284965992 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.285012960 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.285126925 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.285835028 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.285949945 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.285991907 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.286693096 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.286797047 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.286834955 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.287550926 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.287704945 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.287749052 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.288361073 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.288404942 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.288490057 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.289233923 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.289356947 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.289469957 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.290081978 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.290290117 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.290342093 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.290921926 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.290971994 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.291054964 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.291732073 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.291867018 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.291912079 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.292587042 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.292634010 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.292741060 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.293431044 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.293477058 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.293561935 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.294281960 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.294423103 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.294466019 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.295125961 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.295175076 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.295275927 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.295984983 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.296154976 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.296197891 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.296854973 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.297030926 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.297061920 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.297688007 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.297883034 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.297925949 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.298535109 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.298585892 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.298680067 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.299374104 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.299542904 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.299606085 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.300223112 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.300370932 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.300407887 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.301048040 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.301178932 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.301198006 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.301918030 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.301966906 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.302052975 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.302748919 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.302799940 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.302876949 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.303622961 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.303668022 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.303781986 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.304466963 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.304510117 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.304589987 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.305346012 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.305502892 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.305546045 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.306165934 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.306222916 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.306304932 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.307013988 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.307059050 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.307132006 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.307890892 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.307993889 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.308037043 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.308701038 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.308753967 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.308840990 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.309587002 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.309737921 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.310208082 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.310385942 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.310424089 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.310503006 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.311227083 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.311269999 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.311355114 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.312077045 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.312119961 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.312210083 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.312958956 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.313087940 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.313127995 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.313751936 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.313795090 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.313878059 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.314629078 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.314673901 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.314749956 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.315469980 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.315510988 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.315558910 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.316330910 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.316379070 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.316454887 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.317188025 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.317291975 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.318010092 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.318052053 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.318129063 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.318903923 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.319003105 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.319026947 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.319675922 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.319786072 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.319814920 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.320525885 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.320573092 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.320684910 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.321398973 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.321535110 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.321577072 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.322329044 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.322377920 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.322468042 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.323431015 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.323560953 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.323594093 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.324265957 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.324359894 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.324403048 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.324799061 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.324841976 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.324872017 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.359206915 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.359250069 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.472958088 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.473064899 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.473359108 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.473404884 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.473598003 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.473686934 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.474220991 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.474361897 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.474412918 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.475050926 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.475181103 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.475250959 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.475899935 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.476022959 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.476063967 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.476741076 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.476898909 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.476948023 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.477619886 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.477766037 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.477813005 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.478432894 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.478665113 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.479269028 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.479336023 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.479393959 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.479435921 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.480114937 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.480268002 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.480902910 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.480951071 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.481128931 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.481249094 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.481817007 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.481972933 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.482018948 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.482659101 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.482795000 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.482995987 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.483489037 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.483644009 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.483791113 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.484338045 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.484498024 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.484541893 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.485205889 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.485356092 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.485536098 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.486128092 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.486233950 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.486280918 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.486908913 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.487049103 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.487119913 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.487740040 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.487903118 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.488574982 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.488620043 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.488708019 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.488753080 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.489476919 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.489609957 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.489646912 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.490282059 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.490408897 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.491012096 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.491138935 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.491288900 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.491332054 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.491977930 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.492121935 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.492178917 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.492934942 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.493290901 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.493685007 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.493726969 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.493793964 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.493837118 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.494529963 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.494676113 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.494714022 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.495363951 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.495518923 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.495563030 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.496207952 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.496361017 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.496424913 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.497076988 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.497174978 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.497217894 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.497994900 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.498142958 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.498193026 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.498780966 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.498924017 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.499605894 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.499651909 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.499743938 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.499780893 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.500451088 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.500628948 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.500679970 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.501358032 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.501478910 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.501519918 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.502135038 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.502296925 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.502996922 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.503041029 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.503264904 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.503329039 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.503851891 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.504036903 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.504084110 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.504717112 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.504863024 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.505089998 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.505528927 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.505680084 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.505734921 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.506350994 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.506489038 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.506537914 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.507237911 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.507354021 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.507401943 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.508088112 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.508256912 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.508945942 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.508994102 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.509113073 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.509155035 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.509753942 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.509887934 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.509938955 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.510601997 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.510720968 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.510935068 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.511452913 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.511605978 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.511652946 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.512291908 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.512443066 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.512484074 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.513130903 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.513315916 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.513448954 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.513997078 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.514128923 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.514183998 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.514900923 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.515094042 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.515597105 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.515724897 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.515870094 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.515908957 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.516490936 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.516649961 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.517184019 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.517329931 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.562035084 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.665544987 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.665561914 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.665621042 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.666040897 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.666054010 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.666162014 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.666543961 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.666788101 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.666835070 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.667262077 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.667463064 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.667511940 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.667968035 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.668144941 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.668199062 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.669210911 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.669495106 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.669713020 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.669756889 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.669971943 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.670020103 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.670530081 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.670681000 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.670723915 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.671427965 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.671562910 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.671690941 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.672677040 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.672944069 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.673177958 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.673213959 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.673450947 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.673975945 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.674026966 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.674105883 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.674737930 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.674788952 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.674875021 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.675219059 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.675647974 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.675899029 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.676234007 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.676492929 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.676590919 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.676634073 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.677304983 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.677469015 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.677515984 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.678128004 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.678281069 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.678355932 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.679001093 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.679136038 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.679251909 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.679868937 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.680022001 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.680684090 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.680715084 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.680804014 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.681384087 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.681541920 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.681675911 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.682240009 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.682495117 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.682602882 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.682796955 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.683310032 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.683442116 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.683486938 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.684092045 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.684365034 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.684431076 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.684962988 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.685071945 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.685292959 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.685740948 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.685873032 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.686016083 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.686712980 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.686881065 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.687005997 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.687577009 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.687669039 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.688110113 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.688317060 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.688442945 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.689141035 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.689158916 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.689282894 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.689323902 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.689996004 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.690160990 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.690205097 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.690829992 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.691003084 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.691168070 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.691603899 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.691711903 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.691867113 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.691926956 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.692540884 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.692670107 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.692711115 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.693376064 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.693522930 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.693866968 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.694250107 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.694400072 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.694439888 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.695123911 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.695226908 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.695343971 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.695952892 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.696093082 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.696182013 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.696758032 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.696906090 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.697035074 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.697417021 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.697439909 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.697685957 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.697756052 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.698151112 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.698476076 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.698637962 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.698777914 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.699363947 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.699489117 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.699600935 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.700172901 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.700355053 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.700406075 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.701186895 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.701325893 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.701373100 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.701939106 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.702061892 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.702359915 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.702728987 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.703052044 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.703088999 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.703088999 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.703145981 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.703524113 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.703674078 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.703716993 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.704524994 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.704651117 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.704747915 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.705216885 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.705449104 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.705495119 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.706202030 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.706274033 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.706319094 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.706962109 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.707106113 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.707146883 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.707809925 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.707918882 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.707962036 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.708002090 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.708040953 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.708606958 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.708740950 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.708780050 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.709414005 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.763220072 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.857134104 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.857264996 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.857561111 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.857615948 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.857767105 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.858414888 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.858486891 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.858643055 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.858696938 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.859558105 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.859632969 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.859786987 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.860392094 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.860642910 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.860691071 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.861366034 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.861507893 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.861557961 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.862112999 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.862231970 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.862277031 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.862900972 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.862992048 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.863074064 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.863468885 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.863603115 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.863646030 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.864314079 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.864464998 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.864512920 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.865165949 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.865299940 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.865365028 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.865997076 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.866132975 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.866236925 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.866836071 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.866997957 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.867063999 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.867687941 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.867836952 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.867883921 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.868552923 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.868704081 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.868781090 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.869416952 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.869565964 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.869606018 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.870331049 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.870428085 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.870532990 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.871104956 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.871258020 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.871296883 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.871942043 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.872170925 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.872268915 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.872777939 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.872931004 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.872972012 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.873636961 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.873805046 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.874484062 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.874646902 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.874706030 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.875336885 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.875551939 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.875781059 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.876185894 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.876298904 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.876367092 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.877026081 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.877156019 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.877660036 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.877857924 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.878002882 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.878052950 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.878705025 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.878849983 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.878896952 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.879551888 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.879676104 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.879719019 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.880435944 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.880558014 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.880619049 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.881309032 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.881385088 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.881628990 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.882100105 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.882222891 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.882319927 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.882976055 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.883106947 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.883166075 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.883785963 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.883939028 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.883986950 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.884635925 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.884773970 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.884818077 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.885487080 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.885644913 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.885689020 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.886322975 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.886467934 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.886513948 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.887196064 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.887346029 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.887387037 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.888057947 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.888199091 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.888257027 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.888873100 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.889019012 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.889089108 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.889704943 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.889857054 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.889903069 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.890737057 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.890896082 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.890949965 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.891401052 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.891546011 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.891592026 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.892244101 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.892406940 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.892831087 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.893090963 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.893210888 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.893434048 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.893953085 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.894124985 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.894202948 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.894838095 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.894989014 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.895034075 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.895637989 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.895801067 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.896550894 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.896574020 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.896660089 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.896699905 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.897340059 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.897500992 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.897665977 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.898200989 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.898313046 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.898358107 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.899048090 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.899189949 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.899241924 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.899898052 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.900044918 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.900090933 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.900712013 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.900846004 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.900896072 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:10.901520967 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:10.950719118 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.049271107 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.049386024 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.049655914 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.049715042 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.049886942 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.049928904 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.050539017 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.050649881 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.050699949 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.051346064 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.051505089 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.051546097 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.052202940 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.052392006 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.052443027 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.053088903 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.053206921 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.053271055 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.053976059 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.054061890 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.054105043 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.054740906 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.054874897 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.054976940 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.055656910 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.055754900 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.055851936 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.056425095 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.056571960 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.056634903 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.057272911 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.057423115 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.057889938 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.058218956 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.058367968 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.058557987 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.058971882 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.059123993 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.059164047 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.059832096 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.059931993 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.060010910 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.060743093 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.060853958 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.060888052 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.061523914 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.061667919 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.061709881 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.062369108 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.062522888 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.062568903 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.063260078 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.063471079 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.063517094 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.064111948 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.064222097 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.064277887 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.064990997 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.065103054 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.065155029 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.065769911 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.065881968 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.065958023 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.066611052 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.066749096 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.066787958 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.067430973 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.067626953 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.067670107 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.068280935 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.068423033 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.068464994 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.069185972 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.069313049 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.069356918 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.070063114 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.070192099 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.070238113 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.070821047 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.070983887 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.071027994 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.071693897 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.071839094 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.071877003 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.072550058 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.072675943 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.072730064 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.073348999 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.073553085 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.073601961 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.074215889 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.074352026 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.074395895 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.075067043 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.075195074 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.075242996 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.075901985 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.076030016 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.076076031 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.076742887 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.076886892 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.077002048 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.077600002 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.077760935 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.077824116 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.078443050 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.078598976 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.078720093 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.079308033 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.079416990 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.079469919 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.080162048 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.080348015 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.080482006 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.080987930 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.081131935 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.081176996 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.081840038 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.081990957 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.082114935 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.082712889 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.082870960 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.082917929 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.083533049 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.083683968 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.083750963 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.084378958 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.084516048 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.084566116 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.085247993 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.085352898 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.085397959 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.086097002 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.086285114 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.086344004 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.086935043 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.087086916 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.087167025 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.087758064 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.087903976 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.087950945 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.088597059 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.088731050 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.088778973 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.089494944 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.089656115 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.089705944 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.090318918 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.090420961 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.090470076 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.091130018 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.091260910 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.091388941 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.092008114 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.092185974 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.092226028 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.092830896 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.092972040 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.093075991 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.093672037 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.138312101 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.241352081 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.241517067 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.241528988 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.241700888 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.241727114 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.241779089 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.242350101 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.242528915 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.242577076 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.243175983 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.243289948 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.243865967 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.243917942 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.243988037 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.244088888 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.244683027 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.244832993 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.244880915 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.245515108 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.245635033 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.245683908 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.246360064 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.246498108 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.246546984 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.247226954 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.247380972 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.247431993 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.248030901 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.248178959 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.248553991 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.248869896 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.249006987 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.249049902 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.249737978 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.249866962 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.249913931 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.250612020 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.250874043 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.250989914 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.251476049 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.251597881 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.251692057 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.252265930 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.252412081 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.252454042 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.253684998 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.253696918 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.253742933 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.254295111 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.254535913 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.254611969 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.254810095 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.255053043 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.255110025 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.255665064 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.255805016 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.255857944 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.256515026 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.256649971 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.256874084 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.257383108 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.257539034 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.257605076 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.258196115 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.258326054 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.258374929 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.259088993 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.259248972 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.259296894 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.259893894 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.260031939 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.260128975 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.260746002 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.260896921 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.260955095 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.261588097 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.261787891 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.261840105 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.262430906 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.262566090 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.262906075 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.263353109 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.263464928 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.263509035 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.264115095 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.264257908 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.264426947 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.264951944 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.265090942 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.265136957 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.265857935 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.266107082 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.266225100 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.266742945 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.266824961 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.266866922 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.267474890 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.267734051 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.268064022 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.268397093 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.268488884 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.268528938 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.269202948 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.269342899 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.269395113 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.270064116 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.270203114 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.270500898 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.270901918 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.271039009 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.271081924 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.271753073 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.271970034 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.272032976 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.272697926 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.272895098 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.273561001 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.273611069 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.273653984 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.273699999 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.274307013 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.274476051 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.275070906 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.275130033 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.275294065 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.275990963 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.276040077 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.276109934 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.276150942 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.276855946 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.276976109 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.277626038 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.277682066 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.277786970 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.277839899 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.278533936 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.278650999 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.278695107 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.279341936 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.279516935 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.279573917 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.280201912 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.280352116 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.280391932 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.281080961 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.281202078 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.281253099 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.281898022 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.282063007 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.282113075 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.282738924 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.282887936 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.282933950 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.283621073 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.283737898 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.283787012 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.284431934 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.284564972 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.284621000 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.285274029 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.285377979 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.285465956 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.289773941 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.433990955 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.434129000 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.434201956 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.434552908 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.434685946 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.434807062 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.435216904 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.435393095 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.435446978 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.436094999 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.436252117 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.436299086 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.436985970 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.437097073 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.437220097 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.437793016 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.437927961 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.437971115 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.438673973 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.438745975 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.438930988 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.439224958 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.439343929 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.439848900 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.440049887 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.440170050 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.440268040 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.440906048 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.441020966 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.441817045 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.441865921 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.441931963 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.441973925 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.442553997 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.442723036 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.442765951 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.443377972 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.443567038 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.443619967 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.444252968 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.444453955 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.444502115 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.445065022 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.445219994 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.445879936 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.445940971 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.446052074 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.446099043 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.446829081 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.446944952 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.446990967 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.447663069 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.447819948 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.448395014 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.448472023 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.448657990 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.448704958 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.449351072 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.449465990 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.449556112 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.450211048 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.450357914 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.450865984 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.451024055 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.451176882 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.451251030 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.451873064 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.451987982 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.452038050 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.453140974 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.453152895 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.453200102 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.453618050 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.453864098 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.453912020 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.454399109 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.454607010 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.454653978 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.455257893 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.455488920 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.455689907 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.456199884 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.456324100 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.456489086 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.456959009 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.457128048 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.457221985 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.457811117 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.457947969 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.458674908 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.458722115 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.458841085 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.458884001 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.459682941 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.459810019 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.460103035 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.460675955 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.460872889 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.460969925 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.461285114 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.461431980 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.461476088 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.462021112 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.462155104 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.462204933 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.462872028 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.462997913 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.463041067 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.463752985 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.463886023 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.463931084 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.464553118 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.464687109 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.464776993 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.465405941 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.465538979 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.465583086 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.466356993 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.466454983 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.466520071 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.467211962 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.467303038 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.467346907 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.468024969 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.468178034 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.468219995 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.468900919 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.469006062 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.469641924 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.469696999 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.469769955 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.469813108 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.470535994 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.470655918 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.470721960 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.471340895 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.471492052 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.471541882 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.472156048 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.472313881 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.472755909 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.473006010 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.473160028 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.473254919 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.473858118 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.474010944 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.474061966 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.474731922 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.474915028 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.474977016 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.475568056 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.475717068 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.475800037 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.476521015 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.476653099 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.476700068 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.477566957 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.477709055 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.477972984 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.478482962 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.528863907 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.626477957 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.626498938 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.626590967 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.626708031 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.626921892 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.626979113 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.627531052 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.627681971 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.627727985 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.628390074 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.628525019 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.628583908 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.629266024 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.629385948 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.629426956 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.630093098 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.630266905 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.630305052 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.630932093 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.631000996 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.631047010 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.631484032 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.631620884 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.631759882 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.632304907 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.632441044 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.632556915 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.633193016 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.633301973 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.633383989 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.634044886 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.634197950 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.634259939 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.634880066 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.635031939 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.635066986 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.635725021 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.635850906 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.635894060 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.636548996 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.636707067 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.636801004 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.637418985 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.637571096 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.637620926 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.638253927 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.638384104 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.638443947 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.639086008 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.639230967 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.639486074 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.639944077 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.640069962 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.640120029 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.640770912 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.640917063 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.641132116 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.641639948 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.641782045 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.641834974 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.642497063 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.642601967 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.642642975 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.643305063 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.643476009 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.643524885 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.644171000 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.644342899 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.644387007 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.645020008 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.645165920 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.645306110 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.645848989 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.646011114 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.646061897 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.646749020 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.646951914 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.646995068 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.647542953 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.647677898 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.647939920 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.648436069 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.648575068 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.648627043 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.649271965 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.649404049 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.649456978 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.650144100 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.650341988 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.650404930 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.651343107 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.651813984 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.651827097 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.651860952 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.652089119 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.652143002 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.652842045 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.652978897 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.653027058 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.653564930 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.653718948 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.653769016 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.654367924 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.654500008 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.654551029 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.655181885 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.655424118 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.655479908 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.656003952 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.656125069 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.656213045 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.656888962 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.657104969 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.657177925 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.657712936 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.657871962 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.657915115 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.658596992 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.658736944 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.658926010 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.659404993 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.659581900 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.659661055 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.660259008 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.660396099 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.660449028 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.661216974 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.661377907 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.661509037 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.661962986 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.662173986 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.662240028 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.662827015 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.662940025 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.663026094 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.663202047 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.663666964 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.663804054 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.663858891 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.664535046 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.664777994 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.664864063 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.665385962 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.665497065 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.665545940 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.666187048 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.666337967 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.666388035 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.667038918 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.667170048 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.667221069 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.667881012 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.668014050 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.668064117 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.668741941 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.668863058 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.668910980 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.669548035 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.669696093 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.669744968 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.670386076 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.687428951 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.843318939 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.843466997 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.843614101 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.843661070 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.843924999 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.844010115 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.844542027 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.844698906 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.844755888 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.845411062 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.845565081 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.845666885 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.846344948 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.846576929 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.846791029 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.847861052 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.847872972 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.847923994 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.848335028 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.848346949 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.848395109 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.848788977 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.849097967 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.849147081 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.849607944 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.849747896 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.849980116 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.850502968 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.850714922 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.850769997 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.851280928 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.851428986 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.851484060 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.852163076 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.852294922 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.852526903 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.852983952 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.853180885 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.853252888 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.853862047 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.854001045 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.854054928 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.855118036 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.855346918 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.855434895 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.855607986 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.855845928 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.856056929 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.856431961 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.856528997 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.856570005 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.857249022 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.857393026 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.857440948 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.858119011 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.858258963 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.858305931 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.858901024 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.859047890 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.859103918 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.860177040 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.860454082 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.860723972 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.860726118 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.860908031 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.860964060 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.861459017 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.861610889 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.861655951 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.862345934 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.862483978 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.862535000 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.863158941 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.863401890 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.863450050 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.864006996 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.864161015 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.864211082 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.864829063 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.864976883 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.865026951 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.865700960 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.865833044 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.865919113 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.866523027 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.866702080 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.866754055 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.867392063 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.867523909 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.867594004 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.868238926 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.868346930 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.868397951 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.869107962 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.869256973 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.869312048 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.869929075 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.870076895 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.870125055 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.870804071 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.871035099 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.871093988 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.871630907 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.871794939 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.871851921 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.872456074 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.872605085 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.872648954 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.873311996 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.873445034 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.873486996 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.874178886 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.874304056 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.874371052 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.874974966 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.875149012 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.875191927 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.875895977 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.876032114 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.876076937 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.876941919 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.877110958 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.877163887 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.877547979 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.877692938 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.877736092 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.878369093 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.878571033 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.878618002 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.879246950 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.879373074 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.879420996 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.880086899 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.880238056 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.880280972 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.881002903 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.881124020 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.881170988 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.881757975 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.881993055 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.882038116 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.882642984 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.882839918 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.882884979 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.883574009 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.883663893 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.883711100 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.884402037 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.884561062 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.884974003 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.885148048 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.885312080 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.885359049 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.886006117 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.886142969 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.886190891 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.886981010 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.887177944 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.887224913 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:11.887892962 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:11.935134888 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.035650015 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.035748005 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.035906076 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.036114931 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.036181927 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.036701918 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.036828995 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.036955118 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.037513971 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.037650108 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.037728071 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.038377047 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.038476944 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.038557053 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.039225101 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.039340973 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.039439917 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.040112019 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.040426016 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.040528059 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.040981054 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.041138887 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.041186094 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.041735888 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.041889906 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.042357922 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.042562008 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.042711020 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.042776108 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.043411016 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.043570042 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.044295073 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.044426918 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.044460058 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.044693947 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.045124054 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.045258045 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.045372963 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.046049118 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.046166897 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.046360016 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.046794891 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.046986103 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.047281027 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.047741890 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.047883987 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.047952890 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.048512936 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.048664093 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.049192905 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.049349070 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.049597025 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.049884081 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.050204039 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.050338984 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.050607920 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.051064014 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.051187992 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.051835060 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.051877975 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.052047014 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.052154064 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.052741051 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.052912951 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.053128004 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.053586006 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.053761005 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.054145098 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.054446936 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.054579020 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.054672956 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.055284023 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.055434942 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.056144953 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.056261063 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.056293964 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.056428909 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.056984901 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.057154894 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.057224035 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.057878017 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.058053017 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.058399916 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.058664083 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.058896065 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.059561968 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.059710979 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.059712887 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.059819937 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.060378075 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.060514927 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.061204910 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.061207056 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.061359882 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.061433077 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.062050104 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.062180042 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.062297106 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.062896967 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.063049078 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.063746929 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.063852072 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.063879967 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.063939095 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.064631939 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.064834118 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.065340042 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.065429926 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.065573931 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.065926075 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.066282988 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.066412926 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.066468954 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.067123890 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.067275047 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.067600965 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.068028927 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.068173885 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.068373919 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.068821907 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.068963051 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.069180965 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.069675922 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.069849968 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.070226908 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.070535898 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.070667028 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.070722103 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.071459055 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.071706057 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.072069883 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.072434902 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.072572947 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.072688103 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.073292017 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.073373079 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.073602915 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.073947906 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.074101925 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.074769974 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.074805975 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.074918985 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.075001955 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.075670004 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.075845957 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.075979948 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.076448917 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.076594114 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.076828003 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.077303886 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.077502966 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.077675104 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.078131914 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.078301907 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.078545094 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.078989029 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.079138994 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.079628944 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.079786062 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.122601986 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.227667093 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.227709055 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.228039026 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.228051901 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.228074074 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.228137970 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.228816032 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.228967905 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.229063034 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.229656935 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.229840040 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.230752945 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.230786085 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.230954885 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.231029034 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.231615067 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.231718063 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.232362032 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.232436895 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.232469082 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.232487917 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.233072996 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.233280897 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.233346939 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.233902931 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.234069109 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.234754086 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.234783888 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.234898090 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.235060930 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.235595942 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.235755920 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.236036062 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.236469030 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.236592054 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.236643076 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.237299919 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.237502098 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.237569094 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.238162994 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.238281965 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.238449097 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.238961935 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.239118099 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.239830971 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.239962101 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.239991903 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.240369081 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.240675926 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.240797997 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.241525888 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.241666079 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.241717100 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.241782904 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.242352009 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.242510080 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.242567062 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.243244886 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.243390083 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.244046926 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.244294882 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.244326115 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.244523048 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.244914055 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.245086908 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.245346069 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.245758057 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.245908976 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.246083021 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.246587038 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.246736050 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.246891022 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.247708082 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.247958899 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.248291969 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.248476982 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.248505116 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.249136925 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.249281883 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.249308109 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.250021935 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.250104904 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.250134945 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.250797987 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.251353979 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.251367092 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.251852989 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.251878977 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.252100945 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.252543926 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.252569914 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.252664089 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.253375053 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.253401995 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.253515005 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.254218102 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.254241943 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.254345894 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.255017042 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.255050898 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.255199909 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.255381107 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.255923033 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.256053925 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.256148100 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.256728888 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.256896019 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.257013083 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.257667065 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.257785082 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.258322954 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.258472919 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.258641005 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.258696079 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.259283066 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.259424925 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.259592056 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.260176897 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.260376930 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.260459900 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.261100054 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.261637926 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.261693001 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.262068987 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.262200117 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.262314081 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.262687922 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.262851954 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.263134003 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.263526917 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.263669014 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.264374018 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.264398098 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.264611006 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.264659882 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.265228033 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.265360117 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.266072989 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.266269922 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.266299963 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.266968966 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.266998053 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.267093897 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.267271042 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.267780066 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.267951965 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.268192053 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.268620014 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.268887043 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.269023895 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.269524097 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.269640923 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.269684076 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.270330906 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.270566940 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.270798922 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.271215916 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.271416903 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.271512032 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.272001982 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.325794935 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.419699907 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.419811010 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.420010090 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.420095921 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.420236111 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.420325041 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.420690060 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.420861006 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.420984030 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.421546936 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.421679974 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.422374010 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.422539949 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.422569036 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.423216105 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.423243999 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.423351049 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.424093008 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.424118996 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.424201965 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.424998045 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.425024033 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.425115108 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.425816059 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.425853014 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.426075935 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.426595926 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.426742077 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.426768064 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.427166939 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.427475929 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.427634954 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.428173065 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.428288937 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.428426981 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.428505898 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.429222107 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.429337025 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.429532051 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.429961920 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.430394888 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.430527925 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.430835962 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.430972099 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.431111097 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.431678057 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.431838989 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.432656050 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.432773113 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.432790041 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.432857037 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.433444023 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.433623075 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.433897018 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.434303045 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.434555054 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.434701920 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.435261011 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.435400009 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.436213017 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.436460972 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.436487913 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.436583996 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.436928034 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.437052965 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.437175989 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.437762976 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.437930107 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.438474894 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.438611984 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.438640118 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.439110994 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.439302921 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.439505100 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.440231085 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.440371990 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.440380096 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.440479040 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.441147089 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.441378117 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.441550016 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.442109108 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.442243099 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.442346096 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.442878962 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.443038940 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.443675041 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.443730116 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.443774939 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.443872929 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.444387913 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.444545984 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.444751978 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.445207119 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.445470095 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.445666075 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.446085930 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.446234941 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.446309090 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.446934938 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.447053909 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.447218895 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.447756052 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.448010921 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.448579073 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.448730946 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.448770046 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.449460983 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.449616909 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.449645996 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.450252056 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.450366974 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.450541019 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.450577974 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.451141119 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.451292038 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.451350927 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.452032089 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.452307940 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.452380896 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.452827930 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.453059912 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.453130007 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.453687906 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.453902006 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.454013109 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.454596996 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.454722881 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.454791069 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.455393076 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.455513954 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.455558062 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.456295967 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.456459999 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.456549883 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.457113981 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.457238913 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.457365990 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.458004951 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.458086967 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.458255053 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.458759069 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.458909988 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.459059954 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.459593058 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.459758997 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.459853888 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.460459948 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.460586071 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.461316109 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.461450100 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.461481094 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.462274075 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.462362051 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.462390900 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.462821007 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.462996960 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.463129044 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.463805914 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.463917017 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.612252951 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.612488985 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.612670898 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.612870932 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.613353014 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.613389969 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.613526106 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.614218950 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.614250898 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.614322901 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.615031004 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.615061045 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.615180969 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.615901947 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.616044998 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.616077900 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.616632938 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.616777897 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.616928101 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.617065907 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.617587090 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.617733955 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.618477106 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.618510008 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.618624926 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.619054079 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.619343996 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.619460106 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.620174885 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.620204926 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.620316029 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.620953083 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.620987892 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.621072054 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.621857882 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.621889114 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.621979952 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.622127056 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.622661114 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.622786045 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.623505116 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.623538017 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.623670101 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.624408007 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.624439955 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.624581099 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.625226974 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.625282049 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.625360012 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.626106977 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.626137972 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.626302004 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.627013922 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.627114058 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.627216101 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.627378941 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.627859116 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.628035069 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.628639936 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.628784895 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.628819942 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.629419088 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.629446030 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.629580021 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.630389929 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.630414963 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.630525112 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.631174088 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.631210089 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.631263971 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.631994009 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.632021904 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.632098913 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.632915020 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.632946014 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.633142948 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.633649111 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.633678913 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.633793116 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.634507895 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.634540081 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.634629965 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.635061026 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.635340929 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.635488033 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.636226892 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.636254072 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.636333942 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.636516094 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.637061119 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.637233973 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.638020039 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.638053894 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.638134956 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.638528109 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.638783932 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.638931036 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.639064074 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.639611959 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.639727116 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.640109062 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.640453100 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.640707016 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.641263962 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.641315937 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.641375065 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.641486883 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.642191887 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.642437935 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.642950058 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.643058062 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.643121958 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.643568993 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.643825054 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.643975973 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.644136906 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.644689083 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.644788980 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.644862890 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.645528078 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.645673037 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.645833015 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.646400928 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.646625042 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.646800995 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.647367954 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.647520065 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.649564028 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.649576902 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.649744034 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.650012970 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.650207043 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.650379896 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.650495052 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.650526047 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.650628090 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.650968075 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.651096106 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.651216030 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.651560068 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.651657104 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.651727915 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.652309895 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.652492046 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.652580023 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.653153896 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.653240919 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.653345108 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.653964996 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.654119968 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.654892921 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.655035019 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.655061007 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.655402899 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.655683994 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.655833006 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.655937910 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.656467915 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.700737953 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.804697037 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.804995060 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.805159092 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.805176020 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.805187941 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.805295944 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.805708885 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.805867910 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.806292057 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.806552887 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.806699991 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.807172060 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.807430029 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.807607889 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.807765007 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.808275938 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.808414936 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.808648109 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.809099913 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.809222937 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.809407949 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.809936047 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.810087919 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.810784101 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.810816050 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.810930967 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.811135054 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.811647892 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.811801910 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.811887026 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.812484980 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.812644005 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.812805891 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.813354015 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.814459085 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.814532042 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.814543962 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.814853907 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.815057993 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.815212965 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.815428019 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.815870047 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.816014051 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.817014933 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.817425013 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.817440987 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.817514896 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.817888975 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.818161011 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.818222046 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.818447113 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.818627119 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.818737030 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.819288969 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.819482088 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.819860935 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.820274115 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.820380926 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.821101904 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.821238041 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.821274042 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.821367979 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.822125912 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.822257996 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.822493076 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.822987080 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.823117971 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.823652983 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.823791981 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.823839903 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.823915958 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.824418068 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.824532032 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.824659109 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.825172901 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.825323105 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.825383902 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.826060057 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.826200008 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.826293945 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.826872110 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.827008009 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.827128887 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.828119040 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.828131914 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.828249931 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.828632116 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.828879118 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.829032898 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.829417944 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.829582930 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.829660892 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.830271959 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.830415964 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.831106901 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.831137896 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.831295967 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.831407070 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.832035065 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.832217932 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.832425117 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.833338976 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.833355904 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.833758116 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.833758116 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.834003925 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.834280014 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.834592104 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.834763050 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.835056067 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.835344076 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.835494995 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.835910082 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.836174011 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.836374998 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.836482048 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.837234020 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.837316990 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.837483883 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.837974072 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.838174105 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.838345051 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.838773966 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.838880062 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.839103937 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.839680910 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.839859009 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.840051889 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.840476036 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.840692997 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.841017008 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.841341019 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.841634035 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.841826916 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.842456102 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.842699051 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.842873096 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.842957020 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.843204021 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.843310118 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.843806028 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.843947887 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.844661951 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.844799995 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.844832897 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.845201015 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.845516920 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.845629930 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.846350908 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.846494913 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.846503019 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.846594095 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.847237110 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.847363949 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.847642899 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.848066092 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.848186016 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.848391056 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.848901033 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.907063007 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.997132063 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.997211933 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.997284889 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.997495890 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.997755051 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.998512030 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.998565912 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.998708010 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.998754978 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:12.999393940 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.999506950 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:12.999561071 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:13.000160933 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.000329971 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.001013041 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.001064062 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:13.001172066 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.001214027 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:13.001820087 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.001962900 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.002571106 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.002623081 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:13.002696991 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.002738953 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:13.003366947 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.003514051 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.003559113 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:13.004225016 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.004374027 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.005073071 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.005115986 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:13.005203962 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.005245924 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:13.005911112 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.006190062 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.006871939 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.006917000 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:13.006973982 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.007020950 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:13.007661104 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.007786989 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.007833958 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:13.008488894 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.008655071 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.009325027 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.009381056 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:13.009444952 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.009486914 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:13.010154963 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.010267019 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.011003971 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.011056900 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:13.011099100 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.012229919 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.012243032 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.012279034 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:13.012299061 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:13.012712002 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.012897968 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.012947083 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:13.013540983 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.013693094 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.014358997 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.014408112 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:13.014482021 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.014517069 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:13.016196966 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.016216040 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.016263008 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:13.049091101 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:13.049148083 CET497407575192.168.2.7104.37.175.221
                                        Dec 4, 2024 14:53:13.169203043 CET757549740104.37.175.221192.168.2.7
                                        Dec 4, 2024 14:53:13.169226885 CET757549740104.37.175.221192.168.2.7

                                        Click to jump to process

                                        Click to jump to process

                                        Click to dive into process behavior distribution

                                        Click to jump to process

                                        Target ID:0
                                        Start time:08:52:45
                                        Start date:04/12/2024
                                        Path:C:\Users\user\Desktop\aHoqCI0AZq.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\aHoqCI0AZq.exe"
                                        Imagebase:0x400000
                                        File size:2'981'888 bytes
                                        MD5 hash:7F1FB038CE59B5F4808AE37A9C3BE0F6
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:true

                                        Target ID:4
                                        Start time:08:53:02
                                        Start date:04/12/2024
                                        Path:C:\Users\user\Desktop\aHoqCI0AZq.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\aHoqCI0AZq.exe"
                                        Imagebase:0x400000
                                        File size:2'981'888 bytes
                                        MD5 hash:7F1FB038CE59B5F4808AE37A9C3BE0F6
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1481987026.0000000000980000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000003.1484841394.0000000003130000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000002.1492074686.0000000000B60000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000003.1484615371.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:true

                                        Target ID:5
                                        Start time:10:40:28
                                        Start date:04/12/2024
                                        Path:C:\Windows\SysWOW64\svchost.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\svchost.exe"
                                        Imagebase:0x560000
                                        File size:46'504 bytes
                                        MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000005.00000003.1485912236.0000000000530000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000005.00000003.1489510673.0000000004C10000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000005.00000003.1489713350.0000000004E30000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000005.00000002.1577253029.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:high
                                        Has exited:true

                                        Target ID:8
                                        Start time:10:40:28
                                        Start date:04/12/2024
                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 412
                                        Imagebase:0x2d0000
                                        File size:483'680 bytes
                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:9
                                        Start time:10:40:37
                                        Start date:04/12/2024
                                        Path:C:\Windows\System32\fontdrvhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Windows\System32\fontdrvhost.exe"
                                        Imagebase:0x7ff6080a0000
                                        File size:827'408 bytes
                                        MD5 hash:BBCB897697B3442657C7D6E3EDDBD25F
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:moderate
                                        Has exited:true

                                        Target ID:11
                                        Start time:10:40:40
                                        Start date:04/12/2024
                                        Path:C:\Windows\System32\WerFault.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\WerFault.exe -u -p 1196 -s 144
                                        Imagebase:0x7ff6ee070000
                                        File size:570'736 bytes
                                        MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Reset < >

                                          Execution Graph

                                          Execution Coverage:0%
                                          Dynamic/Decrypted Code Coverage:0%
                                          Signature Coverage:7.8%
                                          Total number of Nodes:51
                                          Total number of Limit Nodes:0
                                          execution_graph 33916 42b640 45 API calls 33922 40de70 26 API calls 33837 424870 OpenClipboard GetClipboardData GetClipboardData GetClipboardData CloseClipboard 33925 417273 28 API calls 33926 420670 16 API calls 33929 4c9670 GetCurrentThreadId GetKeyboardLayout GetLocaleInfoA 33839 4dc870 EnterCriticalSection LeaveCriticalSection 33935 4275fe 16 API calls 33842 4d8000 EndDoc 33936 40d210 46 API calls 33846 4fc810 InitializeCriticalSection 33941 408220 14 API calls 33848 401031 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection 33849 41d430 56 API calls 33950 4012c0 16 API calls 33953 40fad0 26 API calls 33852 4118d0 7 API calls 33854 4144de 34 API calls 33957 4086e0 19 API calls 33855 41d8e0 35 API calls 33856 4210e0 InterlockedCompareExchange Sleep InterlockedCompareExchange InterlockedExchange 33959 41bee8 19 API calls 33966 411a80 27 API calls 33967 40c290 QueryPerformanceCounter QueryPerformanceCounter 33867 427090 GetACP GetCPInfo 33869 401ca0 278 API calls 33970 40eaa0 28 API calls 33874 41b4b0 48 API calls 33973 41eab0 28 API calls 33979 4f9340 CoCreateInstance 33880 40d560 29 API calls 33982 417f61 29 API calls 33881 401170 12 API calls 33988 50af60 CoTaskMemAlloc 33826 4dc300 GetCommandLineA 33827 42c310 33826->33827 33886 40fd10 39 API calls 33823 44a710 33824 44a712 ExitProcess 33823->33824 33892 40d530 25 API calls 34000 41ef32 26 API calls 33893 40cdc0 17 API calls 34005 4ddfc0 64 API calls 34006 4263cc 18 API calls 33896 40d1d0 24 API calls 33898 41e5d0 GetSystemTime GetTimeZoneInformation 34007 42abd0 30 API calls 33902 41cde0 36 API calls 33905 412180 25 API calls 34014 4dd780 46 API calls 33908 428191 26 API calls

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 0 44a710-44a719 2 44a729 0->2 3 44a71b-44a727 0->3 4 44a73a-44a748 ExitProcess 2->4 3->4
                                          APIs
                                          • ExitProcess.KERNEL32(00000000), ref: 0044A748
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: ExitProcess
                                          • String ID:
                                          • API String ID: 621844428-399585960
                                          • Opcode ID: 293620465462d170643fb551289f4f82b8ddd7fd95f4a21ffe41ffa866c1d984
                                          • Instruction ID: 4153d7d145e48ef0bfada68ad49838f97c765877aadb4e058581a2a78d09dbec
                                          • Opcode Fuzzy Hash: 293620465462d170643fb551289f4f82b8ddd7fd95f4a21ffe41ffa866c1d984
                                          • Instruction Fuzzy Hash: E7E04F75E4A25CCEEB30CA56EC017B8B775EB94316F0040EBD54D96241C6344D958F56

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 5 44a6e0-44a6fa 6 44a6fc-44a706 5->6 7 44a708 5->7 8 44a712-44a719 6->8 7->8 9 44a729 8->9 10 44a71b-44a727 8->10 11 44a73a-44a748 ExitProcess 9->11 10->11
                                          APIs
                                          • ExitProcess.KERNEL32(00000000), ref: 0044A748
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: ExitProcess
                                          • String ID:
                                          • API String ID: 621844428-0
                                          • Opcode ID: 301b0aacc8fca0e78445999e19763b72f532b71fd961c991c7f3581a4234fff3
                                          • Instruction ID: 1ceb8dd2f8bb3b7ec6cf47d3eabd97270618131fd29c238ba72ea5f4f3f95bef
                                          • Opcode Fuzzy Hash: 301b0aacc8fca0e78445999e19763b72f532b71fd961c991c7f3581a4234fff3
                                          • Instruction Fuzzy Hash: 79F01C7494622DCEEF308F61C8457ACB7B0BB04315F1082EAC46D67780C3348E829F86

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 12 4dc300-4dc310 GetCommandLineA call 42c310
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CommandLine
                                          • String ID:
                                          • API String ID: 3253501508-0
                                          • Opcode ID: 04003b1c6e78a75645abe312a21659dec6fb72e0dd25253600e7555adc4d96f0
                                          • Instruction ID: 324ae4de550c7ee1837b525cc46cc1c53208b04041f71095fcaff5b360da8b69
                                          • Opcode Fuzzy Hash: 04003b1c6e78a75645abe312a21659dec6fb72e0dd25253600e7555adc4d96f0
                                          • Instruction Fuzzy Hash: 51B012788003A00E83717B3834455CE7FF50C1D2E43844A58FCC1A3315D61488975AFA

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 14 4d7960-4d796e 15 4d7977-4d797a 14->15 16 4d7970-4d7976 14->16 17 4d797c-4d7984 15->17 18 4d7985-4d7995 LoadLibraryA 15->18 19 4d7ad8-4d7aeb 18->19 20 4d799b-4d7aac GetProcAddress * 19 18->20 20->19 22 4d7aae-4d7ab5 20->22 23 4d7ab7-4d7ab9 22->23 24 4d7ad2 22->24 23->24 25 4d7abb-4d7ad1 23->25 24->19
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: WSAAsyncGetHostByName$WSAAsyncSelect$WSACancelAsyncRequest$WSACleanup$WSAGetLastError$WSAStartup$WSOCK32.DLL$accept$bind$closesocket$connect$htonl$htons$inet_addr$listen$recv$recvfrom$send$sendto$socket
                                          • API String ID: 0-3677570488
                                          • Opcode ID: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                          • Instruction ID: 8c9ac86f1f98df4bb1f2f2f05f7a43d8bd4a8589446ea9a4d4fdb8b68f6288ad
                                          • Opcode Fuzzy Hash: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                          • Instruction Fuzzy Hash: 5031DE71D523646AD7206BB9EC19DEF3EACFBB6704B510517F000972A0EAF88458AF94

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 689 4d9ab0-4d9ab7 690 4d9abd-4d9ac0 689->690 691 4d9c1c-4d9c1d 689->691 690->691 692 4d9ac6-4d9ad4 690->692 693 4d9ada-4d9aeb call 4b8000 692->693 694 4d9ba3-4d9ba5 692->694 699 4d9c19-4d9c1b 693->699 700 4d9af1-4d9b14 call 421380 GlobalAlloc 693->700 696 4d9ba8-4d9bad 694->696 696->696 698 4d9baf-4d9bc2 GlobalAlloc 696->698 698->699 701 4d9bc4-4d9bcb GlobalLock 698->701 699->691 707 4d9b2e-4d9b3f call 52b380 700->707 708 4d9b16-4d9b28 GlobalLock call 4b81c0 GlobalUnlock 700->708 702 4d9bd0-4d9bd8 701->702 702->702 704 4d9bda-4d9bdb GlobalUnlock 702->704 706 4d9be1-4d9be3 704->706 710 4d9be9-4d9bf3 OpenClipboard 706->710 711 4d9be5-4d9be7 706->711 716 4d9b41-4d9b6b WideCharToMultiByte GlobalAlloc 707->716 717 4d9b90-4d9ba1 call 439d00 707->717 708->707 710->699 714 4d9bf5-4d9c03 EmptyClipboard 710->714 711->699 711->710 718 4d9c0a-4d9c0c 714->718 719 4d9c05-4d9c08 SetClipboardData 714->719 720 4d9b6d-4d9b70 GlobalLock 716->720 721 4d9b87-4d9b8d call 439d00 716->721 717->706 722 4d9c0e-4d9c11 SetClipboardData 718->722 723 4d9c13 CloseClipboard 718->723 719->718 725 4d9b76-4d9b7e 720->725 721->717 722->723 723->699 725->725 728 4d9b80-4d9b81 GlobalUnlock 725->728 728->721
                                          APIs
                                          • GlobalAlloc.KERNEL32(00002002,00000002), ref: 004D9B06
                                          • GlobalLock.KERNEL32(00000000), ref: 004D9B17
                                          • GlobalUnlock.KERNEL32(00000000), ref: 004D9B28
                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,00000000,00000000), ref: 004D9B51
                                          • GlobalAlloc.KERNEL32(00002002,00000001), ref: 004D9B61
                                          • GlobalLock.KERNEL32(00000000), ref: 004D9B70
                                          • GlobalUnlock.KERNEL32(00000000), ref: 004D9B81
                                          • GlobalAlloc.KERNEL32(00002002,00000003,?,?,?,00000000,0040D599,00000000,00000000), ref: 004D9BB8
                                          • GlobalLock.KERNEL32(00000000), ref: 004D9BC5
                                          • GlobalUnlock.KERNEL32(00000000), ref: 004D9BDB
                                          • OpenClipboard.USER32(00000000), ref: 004D9BEB
                                          • EmptyClipboard.USER32 ref: 004D9BF5
                                          • SetClipboardData.USER32(0000000D,00000000), ref: 004D9C08
                                          • SetClipboardData.USER32(00000001,00000000), ref: 004D9C11
                                          • CloseClipboard.USER32 ref: 004D9C13
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: Global$Clipboard$AllocLockUnlock$Data$ByteCharCloseEmptyMultiOpenWide
                                          • String ID:
                                          • API String ID: 3392129136-0
                                          • Opcode ID: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                          • Instruction ID: e40826f6a6b6de4095afa5ba746f594757548e465f4129e7c784a6b23cc7d310
                                          • Opcode Fuzzy Hash: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                          • Instruction Fuzzy Hash: 7A41F371104302ABE3111B61BC99B277BFCAFA1B04F09041BF986D7341DA69EC09D7BA

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 778 416621-416631 779 416637-41663c 778->779 780 416b2e-416b35 778->780 779->780 781 416642-416651 call 49ad90 779->781 784 416653 781->784 785 416655-41665b 781->785 784->785 786 41666d-41667a call 4848b0 785->786 787 41665d-41666b call 4848b0 785->787 792 41667e-416682 786->792 787->792 793 416684-416688 792->793 794 4166bc-4166c1 792->794 793->794 797 41668a-416692 793->797 795 4166c3 794->795 796 4166c5-4166c9 794->796 795->796 799 41686a-41687b call 40cef0 796->799 800 4166cf-4166e7 call 463050 call 411870 796->800 797->794 798 416694-41669d 797->798 798->794 801 41669f-4166ac 798->801 809 4168a5-4168ae 799->809 810 41687d-416881 799->810 800->799 818 4166ed-4167be call 4c9000 call 40ceb0 call 4900f0 call 4c9000 call 40ceb0 call 4900f0 call 4c9000 call 40ceb0 call 4900f0 call 4c9000 call 40ceb0 call 4900f0 800->818 804 4166ba 801->804 805 4166ae-4166b2 801->805 804->794 805->804 808 4166b4-4166b8 805->808 808->794 808->804 813 4168b0-4168b5 809->813 814 4168c5-4168c9 809->814 810->809 812 416883-41688b 810->812 812->809 816 41688d-416895 812->816 813->814 817 4168b7-4168c0 call 40f880 813->817 819 416b0f-416b2b call 439d00 814->819 820 4168cf-4168d9 814->820 816->809 821 416897-4168a0 call 40f880 816->821 817->814 916 4167c0-4167d5 call 4c9000 818->916 917 4167d7-4167e7 call 4c9000 818->917 819->780 825 4168f9-41690e call 415860 820->825 826 4168db-4168f3 call 463050 call 411870 820->826 821->809 837 416af2-416b0e call 439d00 825->837 838 416914-416928 825->838 826->825 826->837 842 416940-416950 838->842 843 41692a-41693b call 4900f0 838->843 847 416952-416963 call 4900f0 842->847 848 416968-416978 842->848 858 416ab6-416ac8 call 4c9030 843->858 847->858 849 416990-4169a0 848->849 850 41697a-41698b call 4900f0 848->850 855 4169a2-4169b3 call 4900f0 849->855 856 4169b8-4169c8 849->856 850->858 855->858 863 4169e0-4169f0 856->863 864 4169ca-4169db call 4900f0 856->864 876 416ad7-416aec call 415860 858->876 877 416aca-416ad2 call 4900f0 858->877 869 4169f2-416a03 call 4900f0 863->869 870 416a08-416a18 863->870 864->858 869->858 870->858 872 416a1e-416a3b call 4900f0 call 48c060 870->872 890 416a3d-416a6d call 463070 call 490dd0 call 48c060 872->890 891 416a6f-416a79 call 4023b0 872->891 876->837 876->838 877->876 890->858 890->891 891->858 901 416a7b-416a86 call 411870 891->901 901->858 908 416a88-416a9e call 48c020 call 495630 901->908 908->858 921 416aa0-416ab3 call 4900f0 call 439d00 908->921 925 4167ec-416812 call 40ceb0 call 4900f0 916->925 917->925 921->858 933 416814-416827 call 495630 925->933 934 41683f-416852 call 495630 925->934 933->934 939 416829-41683c call 4900f0 call 439d00 933->939 934->799 940 416854-416867 call 4900f0 call 439d00 934->940 939->934 940->799
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: COMM$TALB$TCON$TIT2$TPE1$TRCK$TYER$album$artist$comment$genre$songname$track$year
                                          • API String ID: 0-590896439
                                          • Opcode ID: 58e90cd763c27353f5f737474b6cde04d51412e2af52a5f89d8bdd9097ff8991
                                          • Instruction ID: 644f6fcce6cd6c0cf36f8c2a49984ad5006fbd26ddfeab9ab515d91a446fbcca
                                          • Opcode Fuzzy Hash: 58e90cd763c27353f5f737474b6cde04d51412e2af52a5f89d8bdd9097ff8991
                                          • Instruction Fuzzy Hash: 36D1F471204240ABDB14EA55C892BBB77E9AF84304F05482EF64587382EF7DDC49C7AA
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: _level$gfff$gfff$landscape$paperHeight$portrait$printAsBitmap$xMax$xMin$yMax$yMin
                                          • API String ID: 0-188115620
                                          • Opcode ID: dea08f720592daa481637ef8359b17615b2d3d0a0cce9d10a90a14ebba861c01
                                          • Instruction ID: 70ff334641663e0afb433915ac50cfd4971647fdd0d0ab24e810831b83e0dab3
                                          • Opcode Fuzzy Hash: dea08f720592daa481637ef8359b17615b2d3d0a0cce9d10a90a14ebba861c01
                                          • Instruction Fuzzy Hash: 7C6290706047019FC714DF29D491AABB7E1FF88344F14896EF58A8B791DB38E884CB99
                                          APIs
                                          • OpenClipboard.USER32(00000000), ref: 004D9C27
                                          • GetClipboardData.USER32(00000001), ref: 004D9C3A
                                          • GetClipboardData.USER32(0000000D), ref: 004D9C42
                                          • GetClipboardData.USER32(00000000), ref: 004D9C4B
                                          • CloseClipboard.USER32 ref: 004D9C56
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: Clipboard$Data$CloseOpen
                                          • String ID:
                                          • API String ID: 464010812-0
                                          • Opcode ID: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                          • Instruction ID: 2f18cbc0f6c8a3dbd26954e8439ab7c802a903eab365c315afdcc22c9d276e9e
                                          • Opcode Fuzzy Hash: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                          • Instruction Fuzzy Hash: 41E09AB230022517EB9026BA6C4CF97A2EC9F54F90F050123F604C6340E6A6CC0457B1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $K$gfff$gfff$gfff
                                          • API String ID: 0-1048959944
                                          • Opcode ID: d12f4ee0db7e837eeaddada9b02ab57d1ed414e4daef55ec7281e1621cc72c7d
                                          • Instruction ID: 9d2a5138eda07fb78ed16dc27847904d5eff4784a57d1f73a6c8b6feaa4118fd
                                          • Opcode Fuzzy Hash: d12f4ee0db7e837eeaddada9b02ab57d1ed414e4daef55ec7281e1621cc72c7d
                                          • Instruction Fuzzy Hash: 91426DB06083558FC728CF19D590A6BBBE5BFC8304F44895EF88A8B352D738D945CB96
                                          APIs
                                          • GetCurrentThreadId.KERNEL32 ref: 004C9674
                                          • GetKeyboardLayout.USER32(00000000), ref: 004C967B
                                          • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,?,?,004D9D12,?,000000FF), ref: 004C9693
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CurrentInfoKeyboardLayoutLocaleThread
                                          • String ID:
                                          • API String ID: 4094687451-0
                                          • Opcode ID: 1ddd6823bd2bc3ee9e8a39c3bbd18c243f80e9d84aa9d73e1ce1e55aef709746
                                          • Instruction ID: c18c3e67b2d418a81a9ed34cd04b46ff7c576915d0efad72319c368f8fc6f991
                                          • Opcode Fuzzy Hash: 1ddd6823bd2bc3ee9e8a39c3bbd18c243f80e9d84aa9d73e1ce1e55aef709746
                                          • Instruction Fuzzy Hash: A9E0E57A6003107BD601EB68BC09FAB77F8AB54B01F408419FA44C2280E338D90897FB
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $
                                          • API String ID: 0-227171996
                                          • Opcode ID: 395a1bfc07a86bc1b17be198384b933d6e74c24733d271f90db895820ae6568e
                                          • Instruction ID: e3b698b264220c6a4a7ff30e5bd10faba35ce6b07e42392d760f651db3adf898
                                          • Opcode Fuzzy Hash: 395a1bfc07a86bc1b17be198384b933d6e74c24733d271f90db895820ae6568e
                                          • Instruction Fuzzy Hash: E46249716183419FC364CF29C980A6BB7E5FFC8304F148A2EE59997391D738E905CB9A
                                          APIs
                                          • GetSystemTime.KERNEL32(?,?,004CE646,?,0041E572), ref: 004CE5B7
                                          • GetTimeZoneInformation.KERNEL32(00563D90,?,?,004CE646,?,0041E572), ref: 004CE607
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: Time$InformationSystemZone
                                          • String ID:
                                          • API String ID: 702727434-0
                                          • Opcode ID: f738a3c553d765e04b5bec4b324b6c4fee79bb83ad17f4052d4625c48ac5b856
                                          • Instruction ID: 027c201d87c87fe04e998a3dacbc9da3b97e28b55a26ca5f2fa1b84a2cf7f3f2
                                          • Opcode Fuzzy Hash: f738a3c553d765e04b5bec4b324b6c4fee79bb83ad17f4052d4625c48ac5b856
                                          • Instruction Fuzzy Hash: E9011D78608201DBC310BF09E85556BB7F9FB78B10FC0850AE48583321E3F68D88DB29
                                          APIs
                                          • GetProcessHeap.KERNEL32(00000000,?,00528C3A,-00000003), ref: 0052B447
                                          • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004012F9), ref: 0052B44E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: Heap$AllocProcess
                                          • String ID:
                                          • API String ID: 1617791916-0
                                          • Opcode ID: 59176d969d8d5ab64b55edfac97e4b95670c40f205a4eeb4c3389c15a55de6de
                                          • Instruction ID: 2d67d1c8230b34df0e9697497b7d0e8b3de7afbebdcce056a4f33b586f436b97
                                          • Opcode Fuzzy Hash: 59176d969d8d5ab64b55edfac97e4b95670c40f205a4eeb4c3389c15a55de6de
                                          • Instruction Fuzzy Hash: 61B092B9604200ABDE009BA0AE0CB1BB678AB54702F000400B619C1160C630C804EB31
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: R
                                          • API String ID: 0-1968290334
                                          • Opcode ID: 8546aa269060c6db0e10336a880f1cd0ec7275522bd7a3a93064d1100faa0acd
                                          • Instruction ID: ce0d7d11e4424d034f190161494b7aac1bec0c29b2276794a3ebc18ef3406d1c
                                          • Opcode Fuzzy Hash: 8546aa269060c6db0e10336a880f1cd0ec7275522bd7a3a93064d1100faa0acd
                                          • Instruction Fuzzy Hash: 84C1D1B2E041689AFB208A14DC84BFBB775FF95310F1480FAD84DA7641D6791EC28F66
                                          APIs
                                          • CoCreateInstance.OLE32(00549E88,00000000,00000001,0054A654,?,?,?,004FB325,?,?,00000000,7772E820), ref: 004F9365
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CreateInstance
                                          • String ID:
                                          • API String ID: 542301482-0
                                          • Opcode ID: 32cc378c3d08419dc9c729465278953167982d40ee5e1f975ead0e7be58d7922
                                          • Instruction ID: d33697237a28c181885f9fc6147cb760b8f27fbda8fa23562785bbd0682874fe
                                          • Opcode Fuzzy Hash: 32cc378c3d08419dc9c729465278953167982d40ee5e1f975ead0e7be58d7922
                                          • Instruction Fuzzy Hash: E8F0823270111167D7288A2EEC45BE7B7D9AFD8710B05412ABD04D7280D7A0EC418594
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: Version
                                          • String ID:
                                          • API String ID: 1889659487-0
                                          • Opcode ID: ee60f9e95fcef11a94c07e1fc1ede8b3207cc5aa390eaa880cb51700aab72f76
                                          • Instruction ID: 055774edfa36a1cc0f2afeca4167b9a8919af704cd7fbd49c209ae17ea6089f8
                                          • Opcode Fuzzy Hash: ee60f9e95fcef11a94c07e1fc1ede8b3207cc5aa390eaa880cb51700aab72f76
                                          • Instruction Fuzzy Hash: D3E0C22C0042804EE7608F38A90AB593BB1AB65244F8804DCD4E443213D3B9021FE766
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dc5a42f13e7841349ae14dd0d814db7469e84fc1a093c776fc8443455eaf0811
                                          • Instruction ID: 01d32cbd04fd490b405bbb3076ca95c53af9ac6c7c72bf4527c2ddcebbd18577
                                          • Opcode Fuzzy Hash: dc5a42f13e7841349ae14dd0d814db7469e84fc1a093c776fc8443455eaf0811
                                          • Instruction Fuzzy Hash: D58269703083119FD714DF29E580B6BB7E5BB98708F84895EE8898B341D738EC56CB5A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a904873dfafe76d50723d2220b700b55706c147e6e180d2363eb77a360958730
                                          • Instruction ID: 96a45275b5f9c73a41d1d8337e9608839c2e373e62523567d3dab65913c056f8
                                          • Opcode Fuzzy Hash: a904873dfafe76d50723d2220b700b55706c147e6e180d2363eb77a360958730
                                          • Instruction Fuzzy Hash: 1212AF71608B019BC714DF69C890AABB3F5BF88304F444A2EF585C3741E778E949CB9A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 04095868b29765f6348be8197726760830473c8083571c9ba6bc4c95f4dee8ec
                                          • Instruction ID: 498cbeb692f4c70c8915f573c8722a097fb1111c7146c1bbe368278cd5f5e3e7
                                          • Opcode Fuzzy Hash: 04095868b29765f6348be8197726760830473c8083571c9ba6bc4c95f4dee8ec
                                          • Instruction Fuzzy Hash: 5F02CE71A04B049FD310CF29E84679AB7F5FFD8304F04892EF4CA96691D7B8E4699B09
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 927d87f6a08cd34fb77d99441a45c3a4ce47cf1e0f25776f7bb3331dde36990d
                                          • Instruction ID: 1e7c3244e7452ae8d69b03c5c8d6f6dafe267a2916603bd4dd3bb4cac85038a4
                                          • Opcode Fuzzy Hash: 927d87f6a08cd34fb77d99441a45c3a4ce47cf1e0f25776f7bb3331dde36990d
                                          • Instruction Fuzzy Hash: FCC15171A087A28FC304CF5884C0406FFE2BED535072DC7AAD8985B3A6D378A899D7D5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 328fd253c3d3266b9f1183c168a7c073fa13225f90af89d8ccac7b3aac2585fb
                                          • Instruction ID: bfa59705cebf717bb77a31e3df0fdea1df1b133d84f49527330e693498930ead
                                          • Opcode Fuzzy Hash: 328fd253c3d3266b9f1183c168a7c073fa13225f90af89d8ccac7b3aac2585fb
                                          • Instruction Fuzzy Hash: 0091A4B2D001285FF728CA18DD56AEBBB79EB84314F0541BBE40DA6684D7785FC1CE42
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6a5c0a1541d3030db029717021fe89afd2a5752fc6c068978f495cf4b702206e
                                          • Instruction ID: daade82ce8e1d1b2ee71ce6920598c29f2be78123f22ed51f0027d5a07208b60
                                          • Opcode Fuzzy Hash: 6a5c0a1541d3030db029717021fe89afd2a5752fc6c068978f495cf4b702206e
                                          • Instruction Fuzzy Hash: F471E8B2D001285FF768CA18DD56AEBBB78EB45314F0541FBE80DA6680D6385FC5CE52
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 68be6958af1c6a53e962f91bcc0efa0a9d1af6a4e755137e866c4c74eff88070
                                          • Instruction ID: 95a1ac05ea7bf9e85cb9af7e548825cad19751d86e8640f90a726477929908b6
                                          • Opcode Fuzzy Hash: 68be6958af1c6a53e962f91bcc0efa0a9d1af6a4e755137e866c4c74eff88070
                                          • Instruction Fuzzy Hash: 6351B5B2D011285FF768CA18DE56AEBBB78EF94314F0541BBE40DA6680D6385FC4CD42
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 75b50ff1b9ba4dd892b9e41ada2c345e4812fadd8f996589414a3cb6cb0e819a
                                          • Instruction ID: 53d2608e8c54cd10bb4b85a771cf95748db63415cbca46aee886de67e8a57e6b
                                          • Opcode Fuzzy Hash: 75b50ff1b9ba4dd892b9e41ada2c345e4812fadd8f996589414a3cb6cb0e819a
                                          • Instruction Fuzzy Hash: E0218EB1B054214FDB2C9B0E942113AB7E3EFDE30234A82BEE8579B3A9D9741D11D694

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 26 4f4a60-4f4a93 EnterCriticalSection 27 4f4a95-4f4a9d 26->27 28 4f4aa3-4f4aab 26->28 27->28 29 4f4aad-4f4ab5 28->29 30 4f4abb-4f4ac3 28->30 29->30 31 4f4ac5-4f4acd 30->31 32 4f4ad3-4f4adb 30->32 31->32 33 4f4aed-4f4af5 32->33 34 4f4add-4f4ae7 32->34 35 4f4afb-4f4b07 LeaveCriticalSection 33->35 36 4f4bf2-4f4bfe LeaveCriticalSection 33->36 34->33 37 4f4b09-4f4b19 35->37 38 4f4b21-4f4b27 35->38 39 4f4c18-4f4c1e 36->39 40 4f4c00-4f4c10 36->40 37->38 41 4f4b29-4f4b39 38->41 42 4f4b41-4f4b47 38->42 43 4f4c38-4f4c3e 39->43 44 4f4c20-4f4c30 39->44 40->39 41->42 45 4f4bbb-4f4bc1 42->45 46 4f4b49-4f4b69 42->46 47 4f4cb2-4f4cb8 43->47 48 4f4c40-4f4c60 43->48 44->43 51 4f4f2f-4f4f35 45->51 52 4f4bc7-4f4bf1 45->52 53 4f4b6b 46->53 54 4f4b71-4f4bb8 call 462e80 call 4a5380 call 439d00 46->54 55 4f4cdc-4f4d05 EnterCriticalSection LeaveCriticalSection 47->55 56 4f4cba-4f4cd4 47->56 49 4f4c68-4f4caf call 462e80 call 4a5380 call 439d00 48->49 50 4f4c62 48->50 49->47 50->49 53->54 54->45 59 4f4f2e 55->59 60 4f4d0b-4f4d1c EnterCriticalSection LeaveCriticalSection 55->60 56->55 59->51 64 4f4d24-4f4d42 EnterCriticalSection 60->64 65 4f4df8-4f4e1d EnterCriticalSection call 4f3bc0 LeaveCriticalSection 64->65 66 4f4d48-4f4d50 64->66 77 4f4e1f-4f4e2b 65->77 78 4f4e3b-4f4e46 call 4f3340 65->78 66->65 69 4f4d56-4f4d6e EnterCriticalSection LeaveCriticalSection 66->69 73 4f4d74-4f4df1 EnterCriticalSection LeaveCriticalSection EnterCriticalSection LeaveCriticalSection 69->73 74 4f4df3 69->74 73->65 73->74 74->65 81 4f4e2d 77->81 82 4f4e32-4f4e34 77->82 89 4f4e97-4f4e9c LeaveCriticalSection 78->89 90 4f4e48-4f4e4d 78->90 81->82 82->78 87 4f4e36-4f4e39 82->87 87->78 87->89 91 4f4ea2-4f4ebd EnterCriticalSection 89->91 92 4f4e4f-4f4e51 90->92 93 4f4e69-4f4e73 call 4f3d00 90->93 96 4f4ebf-4f4ec1 91->96 97 4f4ed8-4f4ee5 LeaveCriticalSection 91->97 92->93 94 4f4e53-4f4e55 92->94 101 4f4e78-4f4e8f LeaveCriticalSection 93->101 94->93 100 4f4e57-4f4e67 call 4ff020 call 439d00 94->100 102 4f4eca-4f4ed2 96->102 103 4f4ec3-4f4ec8 96->103 98 4f4f0c-4f4f12 97->98 99 4f4ee7-4f4efb EnterCriticalSection 97->99 98->59 107 4f4f14-4f4f29 98->107 104 4f4efd 99->104 105 4f4f01-4f4f06 LeaveCriticalSection 99->105 100->101 101->64 108 4f4e95 101->108 102->97 103->97 104->105 105->98 107->59 108->91
                                          APIs
                                          • EnterCriticalSection.KERNEL32 ref: 004F4A89
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4AFB
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4BF2
                                          • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F4CEA
                                          • LeaveCriticalSection.KERNEL32(?,?), ref: 004F4CFD
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4D17
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4D1A
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4D36
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4D5D
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4D66
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4D81
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4D87
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4DB6
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4DC0
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4E05
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4E11
                                          • LeaveCriticalSection.KERNEL32(?,00000000), ref: 004F4E7D
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4E9C
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4EB3
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4ED9
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4EF4
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4F06
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$Leave$Enter
                                          • String ID: NetStream.Play.Start$NetStream.Play.Stop$NetStream.Play.StreamNotFound$NetStream.Seek.InvalidTime$NetStream.Seek.Notify$error$status
                                          • API String ID: 2978645861-761530088
                                          • Opcode ID: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                          • Instruction ID: 162dc2aece2cb8deeda7270d3cf99ca9d96a23cce06d37320eaaf024755f17c1
                                          • Opcode Fuzzy Hash: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                          • Instruction Fuzzy Hash: C7E190352047459FD320DB34C845BABBBE1BF89714F04895DE9AA57382CB74F80ACB65

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 590 4d5d20-4d5d40 call 435350 593 4d6069-4d6073 590->593 594 4d5d46-4d5d56 call 435400 590->594 597 4d5d58-4d5d6f DestroyWindow 594->597 598 4d5d72-4d5d82 call 435400 594->598 601 4d5dab-4d5dbb call 435400 598->601 602 4d5d84-4d5da8 call 4d5380 call 4db4e0 598->602 607 4d5dbd-4d5dec call 4d5380 call 4a7ac0 601->607 608 4d5def-4d5dff call 435400 601->608 616 4d5fdc-4d5fec call 435400 608->616 617 4d5e05-4d5e12 608->617 630 4d5fee-4d602f call 4d5380 GetMenu call 4dad30 616->630 631 4d6032-4d6042 call 435400 616->631 620 4d5e14-4d5e16 617->620 621 4d5e41-4d5e55 GetModuleFileNameA 617->621 625 4d5e1c-4d5e1e 620->625 626 4d5e18-4d5e1a 620->626 622 4d605c-4d6066 621->622 623 4d5e5b-4d5e5c 621->623 623->622 629 4d5e62-4d5e69 623->629 627 4d5e24-4d5e26 625->627 628 4d5e20-4d5e22 625->628 626->625 632 4d5e38-4d5e3f 626->632 634 4d5e2c-4d5e2e 627->634 635 4d5e28-4d5e2a 627->635 628->627 628->632 636 4d5e6b-4d5e6e 629->636 637 4d5e80-4d5e82 629->637 631->593 644 4d6044-4d6056 call 4d5380 631->644 632->620 632->621 634->632 640 4d5e30-4d5e32 634->640 635->632 635->634 636->637 641 4d5e70-4d5e71 636->641 637->622 643 4d5e88-4d5e92 637->643 640->622 640->632 641->629 645 4d5e73-4d5e7d 641->645 647 4d5e95-4d5e9a 643->647 644->622 647->647 650 4d5e9c-4d5ec2 call 52b380 * 2 647->650 656 4d5fbf-4d5fd9 call 439d00 * 2 650->656 657 4d5ec8-4d5eca 650->657 657->656 659 4d5ed0-4d5eda 657->659 661 4d5ee0-4d5ee8 659->661 661->661 663 4d5eea-4d5eed 661->663 665 4d5ef0-4d5ef6 663->665 665->665 666 4d5ef8-4d5f20 665->666 667 4d5f22-4d5f2a 666->667 667->667 668 4d5f2c-4d5f30 667->668 669 4d5f33-4d5f39 668->669 669->669 670 4d5f3b-4d5f4d 669->670 671 4d5f50-4d5f55 670->671 671->671 672 4d5f57-4d5f5d 671->672 673 4d5f60-4d5f66 672->673 673->673 674 4d5f68-4d5fb9 CreateProcessA 673->674 674->656
                                          APIs
                                          • DestroyWindow.USER32(?,?,?,?,?), ref: 004D5D5F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: DestroyWindow
                                          • String ID: D$FSCommand:$\fscommand$allowscale$exec$fullscreen$quit$showmenu$trapallkeys
                                          • API String ID: 3375834691-1928458085
                                          • Opcode ID: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                          • Instruction ID: 7647b0b3e504c4bbb0374484e0d8b702cf2a7569de5a553b4a60fd35f403e9ef
                                          • Opcode Fuzzy Hash: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                          • Instruction Fuzzy Hash: 27914C35504B015BCB24EF28EC617FBB791AFA6309F44451FE8888B341DB2A990BC7D9

                                          Control-flow Graph

                                          APIs
                                          • GetWindowLongA.USER32(?,000000F0), ref: 004DB511
                                          • GetWindowRect.USER32(?,?), ref: 004DB531
                                          • GetClientRect.USER32(?,?), ref: 004DB541
                                          • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB55D
                                          • GetMenu.USER32(?), ref: 004DB581
                                          • SetMenu.USER32(?,00000000), ref: 004DB596
                                          • GetDesktopWindow.USER32 ref: 004DB5B0
                                          • GetWindowRect.USER32(00000000,?), ref: 004DB5BC
                                          • SetWindowPos.USER32(?,00000000,?,?,?,?,00000000,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB5E1
                                          • GetWindowLongA.USER32(?,000000F0), ref: 004DB604
                                          • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB62A
                                          • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB66D
                                          • GetWindowRect.USER32(?,?), ref: 004DB6A5
                                          • GetClientRect.USER32(?,?), ref: 004DB6B7
                                          • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB702
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: Window$Rect$Long$ClientMenuMove$Desktop
                                          • String ID:
                                          • API String ID: 3087884050-0
                                          • Opcode ID: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                          • Instruction ID: afb7dc4107877f96dc9ff69242aee4b267e14dc018c2a581ac30f1de2d6509eb
                                          • Opcode Fuzzy Hash: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                          • Instruction Fuzzy Hash: 1C61F7756047009FE714CF79D888FA7B7E9EB98314F108A1EE5AA83344DE74B8088B65

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 730 4cfe40-4cfe62 731 4cfe68-4cfe6d call 497d20 730->731 732 4cffe0-4cfffd RegOpenKeyExA 730->732 741 4cfe6f call 4cb0e0 731->741 734 4cffff-4d002b RegQueryValueExA 732->734 735 4d0049-4d0059 732->735 736 4d002d-4d0039 call 435020 734->736 737 4d003e-4d0042 734->737 736->737 740 4d0043 RegCloseKey 737->740 740->735 742 4cfe74-4cfe76 741->742 743 4cfe7c-4cfe99 RegOpenKeyExW 742->743 744 4cff3f-4cff5c RegOpenKeyExA 742->744 743->735 746 4cfe9f-4cfecb RegQueryValueExW 743->746 744->735 745 4cff62-4cff8e RegQueryValueExA 744->745 747 4cffd9-4cffde 745->747 748 4cff90-4cff93 745->748 746->737 749 4cfed1-4cfee3 call 4b8350 746->749 747->740 750 4cffc8-4cffd4 call 435020 748->750 751 4cff95-4cffa9 call 4b8440 748->751 749->737 756 4cfee9-4cfeec 749->756 750->747 751->747 760 4cffab-4cffc6 call 435020 call 439d00 751->760 758 4cfeee-4cff04 call 435020 call 439d00 756->758 759 4cff09-4cff1e call 4d9d70 call 439d00 756->759 758->737 759->737 773 4cff24-4cff3a call 435020 call 439d00 759->773 760->740 773->737
                                          APIs
                                          • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFE8F
                                          • RegQueryValueExW.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFEC1
                                          • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFF52
                                          • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFF84
                                          • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFFF3
                                          • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004D0021
                                          • RegCloseKey.ADVAPI32(00000000), ref: 004D0043
                                            • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: OpenQueryValue$CloseVersion
                                          • String ID: AppData$AppData$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                          • API String ID: 3944000476-502054578
                                          • Opcode ID: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                          • Instruction ID: f72081d33d1e3e5e856db847e9c33e0e25e3821136d69a0383b26c3c547fa845
                                          • Opcode Fuzzy Hash: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                          • Instruction Fuzzy Hash: 0151B2715087017BC725DB50EC95FAB73E8AF88754F00891EF98553381EAB9D80AC7AA

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 949 4f5fc0-4f5fd7 950 4f5fdd-4f5ff0 call 4f5cb0 949->950 951 4f6093-4f6095 949->951 963 4f605d-4f6065 950->963 964 4f5ff2-4f6058 call 4fe010 950->964 953 4f60f7-4f60f9 951->953 954 4f6097-4f609f 951->954 956 4f60ff-4f6101 953->956 957 4f61a1 953->957 958 4f60b2-4f60ba 954->958 959 4f60a1-4f60a6 954->959 961 4f62e5-4f62ec 956->961 965 4f6107-4f6148 EnterCriticalSection LeaveCriticalSection EnterCriticalSection LeaveCriticalSection call 4f2bf0 956->965 960 4f61a7-4f61a9 957->960 957->961 958->953 962 4f60bc-4f60be 958->962 959->958 966 4f60a8-4f60b0 959->966 960->961 967 4f61af-4f61c2 call 4f24f0 960->967 968 4f60d3 962->968 969 4f60c0-4f60c5 962->969 963->951 971 4f6067-4f607c EnterCriticalSection 963->971 964->963 980 4f614a 965->980 981 4f6167-4f6174 call 4f2bf0 965->981 966->958 966->962 983 4f624e-4f625b call 4f24f0 967->983 984 4f61c8-4f61ce 967->984 975 4f60d9-4f60f2 call 4e5ec0 968->975 969->968 974 4f60c7-4f60d1 969->974 976 4f607e 971->976 977 4f6085-4f608d LeaveCriticalSection 971->977 974->968 974->975 975->953 976->977 977->951 982 4f6150-4f6165 call 4f3d00 call 4f2bf0 980->982 981->961 997 4f617a 981->997 982->981 983->961 998 4f6261 983->998 989 4f61d0-4f61df EnterCriticalSection 984->989 994 4f61e6-4f61ef 989->994 995 4f61e1 989->995 1000 4f6201-4f620a 994->1000 1001 4f61f1-4f61ff 994->1001 995->994 1002 4f6180-4f6195 call 4f3d00 call 4f2bf0 997->1002 1003 4f6267-4f6276 EnterCriticalSection 998->1003 1005 4f6211-4f622b LeaveCriticalSection EnterCriticalSection 1000->1005 1001->1005 1021 4f6197-4f619e 1002->1021 1007 4f627d-4f6286 1003->1007 1008 4f6278 1003->1008 1009 4f622d-4f6233 1005->1009 1010 4f6240-4f624c LeaveCriticalSection 1005->1010 1012 4f6298-4f62a1 1007->1012 1013 4f6288-4f6296 1007->1013 1008->1007 1014 4f623a-4f623d 1009->1014 1015 4f6235-4f6238 1009->1015 1010->983 1010->989 1017 4f62a8-4f62c2 LeaveCriticalSection EnterCriticalSection 1012->1017 1013->1017 1014->1010 1015->1010 1019 4f62d7-4f62e3 LeaveCriticalSection 1017->1019 1020 4f62c4-4f62ca 1017->1020 1019->961 1019->1003 1022 4f62cc-4f62cf 1020->1022 1023 4f62d1-4f62d4 1020->1023 1022->1019 1023->1019
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F606E
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F608D
                                          • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6111
                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F611B
                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F612B
                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6135
                                            • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                            • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                            • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                            • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                            • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                            • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                          • EnterCriticalSection.KERNEL32(?,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F61D1
                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6212
                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F621C
                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6244
                                          • EnterCriticalSection.KERNEL32(?,00000001,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6268
                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62A9
                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62B3
                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62DB
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave
                                          • String ID:
                                          • API String ID: 3168844106-0
                                          • Opcode ID: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                          • Instruction ID: 143f1fb28292c6c8f5848ec82d72cb0c1768edffe3cb57bca7300ec5568bca4f
                                          • Opcode Fuzzy Hash: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                          • Instruction Fuzzy Hash: 2AA1113020430E8BC725DF349854BBBBBB9AF94304F15056EFA5687382DB79E809CB65
                                          APIs
                                          • StartDocA.GDI32(?,00000000), ref: 004D7F29
                                          • GetDeviceCaps.GDI32(?,00000008), ref: 004D7F47
                                          • GetDeviceCaps.GDI32(?,0000000A), ref: 004D7F55
                                          • LPtoDP.GDI32(00000000,00000002), ref: 004D7F83
                                          • GetDeviceCaps.GDI32(00000000,0000006E), ref: 004D7FA0
                                          • GetDeviceCaps.GDI32(00000000,0000006F), ref: 004D7FAE
                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 004D7FBC
                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004D7FD2
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CapsDevice$Start
                                          • String ID: portrait
                                          • API String ID: 1738886688-2504013051
                                          • Opcode ID: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                          • Instruction ID: 78bfa520cedcb1c13f518f393ea8421dc938ea51f70754ce75912898c89e0c82
                                          • Opcode Fuzzy Hash: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                          • Instruction Fuzzy Hash: 7641DFB0604B109FC324DF2AD980A1AFBF5BF98710F108A1EE58A877A1D771E845CF91
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,00000000,?,00000000,00000000,?,004AC0BD,?,?), ref: 004F705A
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F7081
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F709A
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F70A3
                                          • timeGetTime.WINMM(00000000,00000000,00000000,00000000,?), ref: 004F7390
                                          • LeaveCriticalSection.KERNEL32(?,?), ref: 004F73D5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$Leave$Enter$Timetime
                                          • String ID:
                                          • API String ID: 4022644143-0
                                          • Opcode ID: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                          • Instruction ID: 3d57daaa4b40982c2e4bbac1192c2a7fdd3e5fb289d79a2cbb097eeb1d58369f
                                          • Opcode Fuzzy Hash: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                          • Instruction Fuzzy Hash: 60A12B303083495BC7259F398890BBBBBE59F85700F04456EFA9AC7392DB6CE905D768
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,?,?,00000000,004F7352,?), ref: 004F2A19
                                          • timeGetTime.WINMM ref: 004F2A25
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F2A39
                                          • timeGetTime.WINMM(?), ref: 004F2A46
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F2AD7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$LeaveTimetime$Enter
                                          • String ID: NetStream.Buffer.Empty$NetStream.Buffer.Full$status
                                          • API String ID: 2943255653-4242577526
                                          • Opcode ID: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                          • Instruction ID: adfbc573f46a5ae42de3eb127535f59d6c3a8125dfae6686c248f3bcdabba04f
                                          • Opcode Fuzzy Hash: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                          • Instruction Fuzzy Hash: 33217471740705ABD7308F14DD86B6BB7A4FB50B21F24462BF267966D0C7B4B8408754
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B64,00000002), ref: 004F3ED0
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F3EDE
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F3F20
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$Leave$Enter
                                          • String ID:
                                          • API String ID: 2978645861-0
                                          • Opcode ID: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                          • Instruction ID: 85195bc957575009e4a7604c5a43e45099f91f30af12cfc7e5b33174ac27f883
                                          • Opcode Fuzzy Hash: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                          • Instruction Fuzzy Hash: BF81C0316047494FC724DF39989057BB7F1AF853117148A2FE6A787B81DB38E805CB68
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?), ref: 00401181
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004011B1
                                          • timeGetTime.WINMM ref: 004011C5
                                          • timeGetTime.WINMM ref: 004011D5
                                          • EnterCriticalSection.KERNEL32(?), ref: 004011E3
                                          • LeaveCriticalSection.KERNEL32(?), ref: 0040122A
                                          • timeGetTime.WINMM ref: 0040123E
                                          • EnterCriticalSection.KERNEL32(?), ref: 00401261
                                          • LeaveCriticalSection.KERNEL32(?), ref: 0040129E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$EnterLeaveTimetime
                                          • String ID:
                                          • API String ID: 3486229058-0
                                          • Opcode ID: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                          • Instruction ID: b4a63a4f06c8fcffd2d454e61e85ed039b73bf68413dd997414ba6e559c29426
                                          • Opcode Fuzzy Hash: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                          • Instruction Fuzzy Hash: 6641D6357003148FCB309F60E80466BB7F4AF6575470486AEE896BB3E1DB38EC459AA5
                                          APIs
                                          • InterlockedExchange.KERNEL32(00000020,00000000), ref: 00411B68
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: ExchangeInterlocked
                                          • String ID: GET$_bytesLoaded$_bytesTotal$_customHeaders$contentType$loaded
                                          • API String ID: 367298776-2876428247
                                          • Opcode ID: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                          • Instruction ID: 337a073203a489cf9af6a636d5e82807fd5ac3b12a53b57697a6972a4ae57270
                                          • Opcode Fuzzy Hash: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                          • Instruction Fuzzy Hash: F6D126706047056BC714EF65D842AABB7E5BF88304F404A2EFA4687392EB38F945C799
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,004F5BA3,00000000), ref: 004F34EA
                                          • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3537
                                          • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3545
                                          • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3556
                                          • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F355F
                                          • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3594
                                          • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F359D
                                          • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36AD
                                          • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36BB
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$Enter$Leave
                                          • String ID:
                                          • API String ID: 2801635615-0
                                          • Opcode ID: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                          • Instruction ID: 93c01fc31a9ee7373f9c1d93048bf40271cec5808ab28bfcb2eca2428eaae834
                                          • Opcode Fuzzy Hash: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                          • Instruction Fuzzy Hash: 1F51BE3020474A9BD7249F319558BBBBBF8AF84742F04485EE5DEC3361DB28EA08C724
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,?,?,?), ref: 004F3709
                                          • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F374C
                                          • LeaveCriticalSection.KERNEL32(?,?), ref: 004F375C
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F376D
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F377A
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F37A9
                                          • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F37C5
                                          • LeaveCriticalSection.KERNEL32(?,?), ref: 004F37D5
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F37EC
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$Leave$Enter
                                          • String ID:
                                          • API String ID: 2978645861-0
                                          • Opcode ID: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                          • Instruction ID: 1822ab8b2bc00c4b335a7296647f06df4fe24da2c1cedc303b1505dbbb5a7089
                                          • Opcode Fuzzy Hash: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                          • Instruction Fuzzy Hash: 2831D1B11087894BC610AF35A9807EBFBF8BF89714F04499DE5E953251C734AA1DC726
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: gethostbynamehtonlhtonsinet_addr
                                          • String ID: localhost
                                          • API String ID: 4009071410-2663516195
                                          • Opcode ID: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                          • Instruction ID: cf482c115b2fa46a5b5609c5aae3d134ea41c2cdeafd480f3feffcf81808ee73
                                          • Opcode Fuzzy Hash: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                          • Instruction Fuzzy Hash: 9131ED30208311ABDB20DF249C85BBBB7E5FF95710F004A1EF9559B381E7719948C7A6
                                          APIs
                                          • timeGetTime.WINMM(00000000), ref: 004145E1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: Timetime
                                          • String ID: gfff$gfff$gfff$gfff
                                          • API String ID: 17336451-2178600047
                                          • Opcode ID: a6eb4a1a4bf024f16c397edd5e841aed2049ab2de515439dd25e44f6491a1c28
                                          • Instruction ID: e32ce3efbecf0e845fb5c017bd6949167df468d5a0ad1b28c98723774e94ba96
                                          • Opcode Fuzzy Hash: a6eb4a1a4bf024f16c397edd5e841aed2049ab2de515439dd25e44f6491a1c28
                                          • Instruction Fuzzy Hash: 79C17E313046059BD718DF15C494BEA77A6BFC8704F18856EE8498F382CB79ED42CB9A
                                          APIs
                                          • timeKillEvent.WINMM(?), ref: 004D8B13
                                          • Sleep.KERNEL32(00000001,?,0041D4A9), ref: 004D8B2D
                                          • waveOutReset.WINMM(?,?,0041D4A9), ref: 004D8B34
                                          • waveOutUnprepareHeader.WINMM(?,-000013C4,00000020,?,?,0041D4A9), ref: 004D8B5A
                                          • Sleep.KERNEL32(00000001,?,?,0041D4A9), ref: 004D8B63
                                          • waveOutClose.WINMM(?,?,0041D4A9), ref: 004D8B86
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: wave$Sleep$CloseEventHeaderKillResetUnpreparetime
                                          • String ID:
                                          • API String ID: 3030913982-0
                                          • Opcode ID: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                          • Instruction ID: 723e303dfaa0e6e3e16fcc3d7d301ea8209cd941138754b25ec6b12d62c8e06b
                                          • Opcode Fuzzy Hash: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                          • Instruction Fuzzy Hash: 0401ADB5A00214ABC3149F14EC88AAEB7F8FB98B11F00091BF41497301CB79A9598BF5
                                          APIs
                                          • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000,?,?,?,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF94E
                                          • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,-00000001,00000000,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF99D
                                          • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000), ref: 004CF9BF
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID: \\?\
                                          • API String ID: 823142352-4282027825
                                          • Opcode ID: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                          • Instruction ID: d900b4c61e2357813c95f9d4093febd61d3ae0210469f6574eac6d9984f09979
                                          • Opcode Fuzzy Hash: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                          • Instruction Fuzzy Hash: A141C2B5904300BBEB50EB21DC86F1B77A9EB89348F24092EF54597381D63DDC48C7A6
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,00000000,?,?,004DDFDB,000000FF,00000001,004DE7BA), ref: 004DD6FC
                                          • EnterCriticalSection.KERNEL32(?), ref: 004DD71E
                                            • Part of subcall function 004FA760: EnterCriticalSection.KERNEL32(?,?,00000000,7772E820,?,004DD732), ref: 004FA76A
                                            • Part of subcall function 004FA760: LeaveCriticalSection.KERNEL32(?), ref: 004FA77A
                                            • Part of subcall function 004DC9A0: EnterCriticalSection.KERNEL32 ref: 004DCA0C
                                            • Part of subcall function 004DC9A0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 004DCA1D
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004DD741
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004DD744
                                          • EnterCriticalSection.KERNEL32(?), ref: 004DD74C
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004DD771
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004DD774
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$Leave$Enter
                                          • String ID:
                                          • API String ID: 2978645861-0
                                          • Opcode ID: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                          • Instruction ID: 32add75de912499d63db8df7e296ef1919b4cd71e3024a8d459c2c8f380e6b48
                                          • Opcode Fuzzy Hash: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                          • Instruction Fuzzy Hash: 59012975302A155FD324EB2ADC90B6BE3F9AF91354F00842FE546C3750CB64FC058AA9
                                          APIs
                                          • CreateWindowExA.USER32(00000000,STATIC,Dummy,80000000,00000000,00000000,00000005,00000005,00000000,00000000,00000000,00000000), ref: 004D866B
                                          • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 004D8683
                                          • SetWindowLongA.USER32(?,000000FC,004D8520), ref: 004D8690
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: Window$Long$Create
                                          • String ID: Dummy$STATIC
                                          • API String ID: 1733017098-132613206
                                          • Opcode ID: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                          • Instruction ID: 60c9263fdfddd51d1a46959990d996e43c4a0f9c9599785539e6d357df671051
                                          • Opcode Fuzzy Hash: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                          • Instruction Fuzzy Hash: 35F0303138471076E630A66ABC06F57B6EC9B59F31F21071AB319F76E0DAE0F8004A2C
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,00000010,?,00000000,00000000,004EF87C,?,?,004AC02B,?,?), ref: 004F5A80
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F5A8A
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F5B2E
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F5B3D
                                          • EnterCriticalSection.KERNEL32(?,00000002), ref: 004F5B78
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F5B8A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave
                                          • String ID:
                                          • API String ID: 3168844106-0
                                          • Opcode ID: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                          • Instruction ID: 42192e3c7faa4449eaa7148df56c5331408008ed83f87a65c0d534a8c29348b8
                                          • Opcode Fuzzy Hash: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                          • Instruction Fuzzy Hash: EE41B634300B0D5BD7259F319894BBB77A9AF80704F08415EEB6A8B392DB18FC15D768
                                          APIs
                                          • timeGetTime.WINMM(?,?,?,?,?,?), ref: 004F274C
                                          • EnterCriticalSection.KERNEL32(?,00000000,?,?,?), ref: 004F277D
                                          • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 004F2787
                                          • timeGetTime.WINMM(?,?), ref: 004F2792
                                          • timeGetTime.WINMM(?,?,?,?,?), ref: 004F27C6
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: Timetime$CriticalSection$EnterLeave
                                          • String ID:
                                          • API String ID: 1404962471-0
                                          • Opcode ID: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                          • Instruction ID: 9d8894fa7cd5c1a3a8d1574b016894ebc4e8e1121a62fd2c9071eafdbb47ea2c
                                          • Opcode Fuzzy Hash: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                          • Instruction Fuzzy Hash: B531BC35208B049BC314DF25E9956ABB7F1FFC9720F148A2DE4EA83390DB34A419CB56
                                          APIs
                                          • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 00529421
                                          • Sleep.KERNEL32(00000000,?,08000041,?,?,00529592,?,?), ref: 00529431
                                          • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 0052943A
                                          • InterlockedExchange.KERNEL32(00000378,00000000), ref: 0052944F
                                          • __aulldiv.LIBCMT ref: 0052947B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: ExchangeInterlocked$Compare$Sleep__aulldiv
                                          • String ID:
                                          • API String ID: 1430435781-0
                                          • Opcode ID: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                          • Instruction ID: c7c6432b147b16162d76303af8a74e071e756cb34c164aed74e4a8b1f06fd785
                                          • Opcode Fuzzy Hash: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                          • Instruction Fuzzy Hash: 9C215AB15007409FD7219F2A9844A67FEFCFFA1705F10851FA45A873A1D7B4A904CB64
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave
                                          • String ID:
                                          • API String ID: 3168844106-0
                                          • Opcode ID: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                          • Instruction ID: 3111dceef54b192a201187cebb12310cd19e01e5115420dd7c98ed3fae01612e
                                          • Opcode Fuzzy Hash: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                          • Instruction Fuzzy Hash: 2921A73520174A4BD710AF66E888BFFB7B8EB60305F00852FEB4643251C779A84ADB64
                                          APIs
                                          • CreateSolidBrush.GDI32(?), ref: 004D802E
                                          • SelectObject.GDI32(?,00000000), ref: 004D8044
                                          • FillRect.USER32(?,?,00000000), ref: 004D8067
                                          • SelectObject.GDI32(?,00000000), ref: 004D8075
                                          • DeleteObject.GDI32(00000000), ref: 004D8078
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: Object$Select$BrushCreateDeleteFillRectSolid
                                          • String ID:
                                          • API String ID: 3777265051-0
                                          • Opcode ID: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                          • Instruction ID: d8a686452ba02d7e488f009474b8275e6b936404318e954abf19810798465268
                                          • Opcode Fuzzy Hash: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                          • Instruction Fuzzy Hash: 76019A752042046FC304DB69ED88C6B7BF8EACD614B000A5DFA8983312E635E806DB71
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E468C
                                          • LeaveCriticalSection.KERNEL32(?,0041D485), ref: 004E46A2
                                          • DeleteCriticalSection.KERNEL32(?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D0
                                          • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D9
                                          • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46E6
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$Delete$EnterLeave
                                          • String ID:
                                          • API String ID: 3104255891-0
                                          • Opcode ID: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                          • Instruction ID: c031ed0988ac34fb64eb35ca7992c3622ed3d26c78e5592643255ae209dbdd49
                                          • Opcode Fuzzy Hash: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                          • Instruction Fuzzy Hash: D101D4B750060C5BC2106B35EC81BAF73A8AFC4214F05051EF54F93241DA68B8088BA1
                                          APIs
                                          • GetFileAttributesExA.KERNEL32(?,00000000,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?), ref: 004CFE0F
                                            • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                          • GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852), ref: 004CFDAF
                                          • GetFileAttributesExA.KERNEL32(00000000,00000000,?,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?,00000000), ref: 004CFDED
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: AttributesFile$Version
                                          • String ID: \\?\
                                          • API String ID: 3849939888-4282027825
                                          • Opcode ID: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                          • Instruction ID: f991edffad243b4bd670aca913d189ed867c40d808b57564552852d0b3f79ee3
                                          • Opcode Fuzzy Hash: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                          • Instruction Fuzzy Hash: 6431277A90031067D710AA65AC42FEB73995F85704F54042FF90687352EB6D9C0EC2EA
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 004FA67B
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004FA749
                                            • Part of subcall function 004F9B30: EnterCriticalSection.KERNEL32(?,00000000,?,004FA7A6,?,?,7772FFB0), ref: 004F9B35
                                            • Part of subcall function 004F9B30: LeaveCriticalSection.KERNEL32(?), ref: 004F9B84
                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000100,00000000,00000000,?), ref: 004FA715
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave$ByteCharMultiWide
                                          • String ID: FriendlyName
                                          • API String ID: 904232820-3623505368
                                          • Opcode ID: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                          • Instruction ID: 4f25218f4a75fa1caa45750efdb6ff353ea89136e06b91a5ad3ed6f7a0914714
                                          • Opcode Fuzzy Hash: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                          • Instruction Fuzzy Hash: 9A212A75244301AFD220EB54DC49F5BB7F8BF88714F008A1DFA899B290D774F8098BA6
                                          APIs
                                          • CreateCompatibleDC.GDI32(00000000), ref: 004CADB4
                                          • CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 004CADC8
                                          • GetObjectA.GDI32(00000000,00000018,?), ref: 004CADD8
                                          • DeleteDC.GDI32(00000000), ref: 004CADFF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: Create$CompatibleDeleteObjectSection
                                          • String ID:
                                          • API String ID: 3137390749-0
                                          • Opcode ID: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                          • Instruction ID: ec125f8efd539a004f5243cd975522e641b23088832de904e1665531ca55df12
                                          • Opcode Fuzzy Hash: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                          • Instruction Fuzzy Hash: 2981AFB56043458FC324CF29D484A67FBF1BF98314F148A6ED58A87712D334E989CBA6
                                          APIs
                                          • QueryPerformanceCounter.KERNEL32 ref: 0052AFF0
                                          • QueryPerformanceCounter.KERNEL32(?), ref: 0052B016
                                            • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C25F
                                            • Part of subcall function 0040C250: Sleep.KERNEL32(00000000,?,?,0052B390,?,004012F9,00000008), ref: 0040C272
                                            • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C279
                                          • InterlockedExchange.KERNEL32(?,00000000), ref: 0052B050
                                          • QueryPerformanceCounter.KERNEL32(?), ref: 0052B05B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CounterExchangeInterlockedPerformanceQuery$Compare$Sleep
                                          • String ID:
                                          • API String ID: 188302963-0
                                          • Opcode ID: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                          • Instruction ID: 331ae7ec3883c6fb41667714d1c2397b805b788a0704fbfdebc2abdcd4384ec1
                                          • Opcode Fuzzy Hash: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                          • Instruction Fuzzy Hash: 19212A75604712ABC318DF65D884A9AF7E8BF89300F040A1DE85993780D734F918CBA2
                                          APIs
                                            • Part of subcall function 004E4850: waveInGetNumDevs.WINMM(defaultmicrophone,00000000,?,00000000,?,?,?,?,004E8459,?,?,?,?,?,?,?), ref: 004E489B
                                            • Part of subcall function 004E4C80: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C7E,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E4C8A
                                            • Part of subcall function 004E4C80: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E4CD7
                                            • Part of subcall function 004E3860: EnterCriticalSection.KERNEL32(?,00000000,?,004E5C91,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E3868
                                            • Part of subcall function 004E3860: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E388F
                                            • Part of subcall function 004E5B40: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C9B,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?), ref: 004E5B4C
                                            • Part of subcall function 004E5B40: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5B71
                                          • EnterCriticalSection.KERNEL32(00000004,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E5CA2
                                          • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5CB2
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave$Devswave
                                          • String ID: echosuppression$gain
                                          • API String ID: 967401230-1829011300
                                          • Opcode ID: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                          • Instruction ID: eec625d20ecc8ac728587d7ca18c0fda910ff7f544bd80cb39fcd025b5d808b6
                                          • Opcode Fuzzy Hash: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                          • Instruction Fuzzy Hash: 4C118E35700B449BC711EB67C9A1A2BB3B9BF8871AB15049EE5464B741CB24FC02CBA4
                                          APIs
                                            • Part of subcall function 0050B060: CreateEventA.KERNEL32(00000000,?,00000000,00000000,00000000,00509F02,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E), ref: 0050B06E
                                          • InitializeCriticalSection.KERNEL32(0000007C,00000001,00000001,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E,00549D98,?,?), ref: 00509F34
                                          • InitializeCriticalSection.KERNEL32(00000094,?,?,?,?,?,?,?,?,7772FFB0), ref: 00509F3D
                                          • InitializeCriticalSection.KERNEL32 ref: 00509F6E
                                          • SetEvent.KERNEL32 ref: 00509F74
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalInitializeSection$Event$Create
                                          • String ID:
                                          • API String ID: 662013055-0
                                          • Opcode ID: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                          • Instruction ID: a00b6d7b902e657a52a59b9571d5736a80dfe09fbfe7896e9036a1fe9281f1e6
                                          • Opcode Fuzzy Hash: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                          • Instruction Fuzzy Hash: 9B21C4B1540B049FE320DF6AD884A9BFBE8FF94704F00490EE1AA83661D7B1B405CB61
                                          APIs
                                          • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 004D2AB9
                                          • CreateCompatibleDC.GDI32(00000000), ref: 004D2B3D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CompatibleCreateDirectorySystem
                                          • String ID: Macromed\Flash\
                                          • API String ID: 2606042488-1438515271
                                          • Opcode ID: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                          • Instruction ID: 299e9cb63676f09c6c690dce7675c16131e739682a5e940449f79e26451de6f9
                                          • Opcode Fuzzy Hash: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                          • Instruction Fuzzy Hash: 8F118A711047016FC704EF21EC52AAF77E4BF98704F40491EF19943281DB78A908CFAA
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B22,00000001,000000FF), ref: 004F2BFE
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F2C88
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F2CCE
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F2CF1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$Leave$Enter
                                          • String ID:
                                          • API String ID: 2978645861-0
                                          • Opcode ID: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                          • Instruction ID: d821757bbb06b5f881817bb4be3b83133dcd2ebdcf47b2e92145d0cebd45ebc1
                                          • Opcode Fuzzy Hash: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                          • Instruction Fuzzy Hash: D631D2762042854FD3248F29D898A3BBBF5EFD9351F19856EE696C7381C779D808C720
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,004F7247,?), ref: 004F64C1
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F64E6
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F64EC
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F6515
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave
                                          • String ID:
                                          • API String ID: 3168844106-0
                                          • Opcode ID: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                          • Instruction ID: c39e4b2d7a975ea5970b06f88a1f0ae82272a8bb6f48ad921d14b69448efe04b
                                          • Opcode Fuzzy Hash: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                          • Instruction Fuzzy Hash: FC0188352003485BC714EF24D880A77F3A9AF46258B19559DE5C657342CA39EC06CBA4
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?), ref: 0040139D
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004013B3
                                          • EnterCriticalSection.KERNEL32(00000005), ref: 004013CA
                                          • LeaveCriticalSection.KERNEL32(00000005), ref: 004013D8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1520417901.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.1520400666.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520515782.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520538670.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520595591.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520644201.00000000006A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520687740.000000000071B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520705957.000000000071F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520725839.000000000072A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520745657.000000000072D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520765891.0000000000735000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520783725.0000000000738000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520801812.000000000073E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520818979.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520847910.0000000000770000.00000080.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1520866365.0000000000774000.00000040.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave
                                          • String ID:
                                          • API String ID: 3168844106-0
                                          • Opcode ID: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                          • Instruction ID: 1dc668918495c93d19b35d2f921703afc781594381be1afc9f76799b5a6aac2f
                                          • Opcode Fuzzy Hash: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                          • Instruction Fuzzy Hash: 280112B620070AAFC310CF69D884946FBF8FFA8314B10C55AE95983711C771F956CBA0
                                          APIs
                                          • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007D90C1
                                          • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007D926D
                                          Memory Dump Source
                                          • Source File: 00000004.00000003.1485815362.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_3_7a0000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: Virtual$AllocFree
                                          • String ID:
                                          • API String ID: 2087232378-0
                                          • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                          • Instruction ID: 0fc34a67d6a827dc0d7c73ac8cbc6399621bf70b2ed37733089f3a1ac3a5ace5
                                          • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                          • Instruction Fuzzy Hash: 3B717B71E0424AEFDB41CF98C985BEDBBF0BB09314F244096E565F7341D238AA91DB64
                                          APIs
                                          • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 007D9314
                                            • Part of subcall function 007D9098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007D90C1
                                            • Part of subcall function 007D9098: VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007D926D
                                          • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 007D9366
                                          • VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 007D93C0
                                          • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007D93F3
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000003.1485815362.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_3_7a0000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: Virtual$Alloc$Free$Protect
                                          • String ID: ,
                                          • API String ID: 1004437363-3772416878
                                          • Opcode ID: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                          • Instruction ID: ee00285b848096d9d149dff14d2196b619dd9fb5748accbcb1c1095e45e7ac29
                                          • Opcode Fuzzy Hash: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                          • Instruction Fuzzy Hash: A351E975900609EFCB20DFA9C885A9EBBF8FF08354F10851AFA59A7241D374E951CBA4
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000003.1485815362.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_3_7a0000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: __freea$__alloca_probe_16
                                          • String ID:
                                          • API String ID: 3509577899-0
                                          • Opcode ID: f7a03af1f28fe692d224fce8426d8e90eb535a2185ddb9f5c56a6e2cdb0b48ca
                                          • Instruction ID: 081cf3fe198209f33fe3a0b120c8ca826e5becfb798a419be24fc89da9dc40e2
                                          • Opcode Fuzzy Hash: f7a03af1f28fe692d224fce8426d8e90eb535a2185ddb9f5c56a6e2cdb0b48ca
                                          • Instruction Fuzzy Hash: 0251917270020AAAEB219FA0CC49FAB76BAEF84710F15112BFD0596351E778ED1086A0
                                          APIs
                                          • LCMapStringEx.KERNELBASE(?,007D0C92,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 007D3D75
                                          Memory Dump Source
                                          • Source File: 00000004.00000003.1485815362.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_3_7a0000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: String
                                          • String ID:
                                          • API String ID: 2568140703-0
                                          • Opcode ID: 175506e9baa064e8de5336ff9f9c35cc612b60ef2b7bb8bbe571b4be71336b6e
                                          • Instruction ID: c3c72d564a4f20c8bea0f29fec32ed21c670867db13d8b38512067307f666f9c
                                          • Opcode Fuzzy Hash: 175506e9baa064e8de5336ff9f9c35cc612b60ef2b7bb8bbe571b4be71336b6e
                                          • Instruction Fuzzy Hash: 08F0683610025ABBCF125F90DC099DE3F26AB48360B058111BA1969220C73ACA31AFA1
                                          APIs
                                          • VirtualFree.KERNELBASE(?,00000000,?), ref: 007CBFCE
                                          Memory Dump Source
                                          • Source File: 00000004.00000003.1485815362.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_3_7a0000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: FreeVirtual
                                          • String ID:
                                          • API String ID: 1263568516-0
                                          • Opcode ID: 2b2b09fd54bcda281bc1361cc72eafe3c16d7000e3994f5a488a0eb69cbcd1b9
                                          • Instruction ID: 9dbe86c5b4215908777a3276febbbed1dde0bcd46da8c6c5dc297dcfcc1c5923
                                          • Opcode Fuzzy Hash: 2b2b09fd54bcda281bc1361cc72eafe3c16d7000e3994f5a488a0eb69cbcd1b9
                                          • Instruction Fuzzy Hash: 1631F371900209ABCB10CFA9D881FAEBBF8BF08704F10842DE955A7390D779A9458F94
                                          APIs
                                          • CloseHandle.KERNELBASE(00000000), ref: 007CBCC7
                                          Memory Dump Source
                                          • Source File: 00000004.00000003.1485815362.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_3_7a0000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CloseHandle
                                          • String ID:
                                          • API String ID: 2962429428-0
                                          • Opcode ID: 9ac12d75cf364b735dce5310dc04a39102ca413bb26d0aa9ec29b9aecec6e3ff
                                          • Instruction ID: 8cae220516fcf033456b5b081b1e20611534ce2899c4ed54bab4f52bb7db096b
                                          • Opcode Fuzzy Hash: 9ac12d75cf364b735dce5310dc04a39102ca413bb26d0aa9ec29b9aecec6e3ff
                                          • Instruction Fuzzy Hash: 61E0EDB6902662BBD3212B209D4AE7B732CEF95701B00842CFD10E6340DF28DC01C6B0
                                          APIs
                                          • GlobalAlloc.KERNEL32(00002002,00000002), ref: 004D9B06
                                          • GlobalLock.KERNEL32(00000000), ref: 004D9B17
                                          • GlobalUnlock.KERNEL32(00000000), ref: 004D9B28
                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,00000000,00000000), ref: 004D9B51
                                          • GlobalAlloc.KERNEL32(00002002,00000001), ref: 004D9B61
                                          • GlobalLock.KERNEL32(00000000), ref: 004D9B70
                                          • GlobalUnlock.KERNEL32(00000000), ref: 004D9B81
                                          • GlobalAlloc.KERNEL32(00002002,00000003,?,?,?,00000000,0040D599,00000000,00000000), ref: 004D9BB8
                                          • GlobalLock.KERNEL32(00000000), ref: 004D9BC5
                                          • GlobalUnlock.KERNEL32(00000000), ref: 004D9BDB
                                          • OpenClipboard.USER32(00000000), ref: 004D9BEB
                                          • EmptyClipboard.USER32 ref: 004D9BF5
                                          • SetClipboardData.USER32(0000000D,00000000), ref: 004D9C08
                                          • SetClipboardData.USER32(00000001,00000000), ref: 004D9C11
                                          • CloseClipboard.USER32 ref: 004D9C13
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: Global$Clipboard$AllocLockUnlock$Data$ByteCharCloseEmptyMultiOpenWide
                                          • String ID:
                                          • API String ID: 3392129136-0
                                          • Opcode ID: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                          • Instruction ID: e40826f6a6b6de4095afa5ba746f594757548e465f4129e7c784a6b23cc7d310
                                          • Opcode Fuzzy Hash: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                          • Instruction Fuzzy Hash: 7A41F371104302ABE3111B61BC99B277BFCAFA1B04F09041BF986D7341DA69EC09D7BA
                                          Memory Dump Source
                                          • Source File: 00000004.00000003.1485815362.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_3_7a0000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d226f714bff62ed29fbfbeeb9c07e0a6250ee3561ac2043c385ee9577c71bd29
                                          • Instruction ID: ca6b49ba8c948b0b2a1321171176cbff8534267d0d71147791947335bfaf874a
                                          • Opcode Fuzzy Hash: d226f714bff62ed29fbfbeeb9c07e0a6250ee3561ac2043c385ee9577c71bd29
                                          • Instruction Fuzzy Hash: BD516AB2A112059FEB19CF59D895BEABBF4FB48310F24806ED809EB250D3789D41CF50
                                          Memory Dump Source
                                          • Source File: 00000004.00000003.1485815362.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_3_7a0000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                          • Instruction ID: ef0fd70ec8bd2bfbf285bcc601704a758f7e28addf8dfbedece5c33eca63a78d
                                          • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                          • Instruction Fuzzy Hash: 22F06275B00200EF8714DF0AC544C9577F6FB857147654596D5049B321D3B4FD44CB50
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: WSAAsyncGetHostByName$WSAAsyncSelect$WSACancelAsyncRequest$WSACleanup$WSAGetLastError$WSAStartup$WSOCK32.DLL$accept$bind$closesocket$connect$htonl$htons$inet_addr$listen$recv$recvfrom$send$sendto$socket
                                          • API String ID: 0-3677570488
                                          • Opcode ID: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                          • Instruction ID: 8c9ac86f1f98df4bb1f2f2f05f7a43d8bd4a8589446ea9a4d4fdb8b68f6288ad
                                          • Opcode Fuzzy Hash: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                          • Instruction Fuzzy Hash: 5031DE71D523646AD7206BB9EC19DEF3EACFBB6704B510517F000972A0EAF88458AF94
                                          APIs
                                          • EnterCriticalSection.KERNEL32 ref: 004F4A89
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4AFB
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4BF2
                                          • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F4CEA
                                          • LeaveCriticalSection.KERNEL32(?,?), ref: 004F4CFD
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4D17
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4D1A
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4D36
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4D5D
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4D66
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4D81
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4D87
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4DB6
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4DC0
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4E05
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4E11
                                          • LeaveCriticalSection.KERNEL32(?,00000000), ref: 004F4E7D
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4E9C
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4EB3
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4ED9
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F4EF4
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F4F06
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$Leave$Enter
                                          • String ID: NetStream.Play.Start$NetStream.Play.Stop$NetStream.Play.StreamNotFound$NetStream.Seek.InvalidTime$NetStream.Seek.Notify$error$status
                                          • API String ID: 2978645861-761530088
                                          • Opcode ID: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                          • Instruction ID: 162dc2aece2cb8deeda7270d3cf99ca9d96a23cce06d37320eaaf024755f17c1
                                          • Opcode Fuzzy Hash: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                          • Instruction Fuzzy Hash: C7E190352047459FD320DB34C845BABBBE1BF89714F04895DE9AA57382CB74F80ACB65
                                          APIs
                                          • DestroyWindow.USER32(?,?,?,?,?), ref: 004D5D5F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: DestroyWindow
                                          • String ID: D$FSCommand:$\fscommand$allowscale$exec$fullscreen$quit$showmenu$trapallkeys
                                          • API String ID: 3375834691-1928458085
                                          • Opcode ID: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                          • Instruction ID: 7647b0b3e504c4bbb0374484e0d8b702cf2a7569de5a553b4a60fd35f403e9ef
                                          • Opcode Fuzzy Hash: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                          • Instruction Fuzzy Hash: 27914C35504B015BCB24EF28EC617FBB791AFA6309F44451FE8888B341DB2A990BC7D9
                                          APIs
                                          • GetWindowLongA.USER32(?,000000F0), ref: 004DB511
                                          • GetWindowRect.USER32(?,?), ref: 004DB531
                                          • GetClientRect.USER32(?,?), ref: 004DB541
                                          • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB55D
                                          • GetMenu.USER32(?), ref: 004DB581
                                          • SetMenu.USER32(?,00000000), ref: 004DB596
                                          • GetDesktopWindow.USER32 ref: 004DB5B0
                                          • GetWindowRect.USER32(00000000,?), ref: 004DB5BC
                                          • SetWindowPos.USER32(?,00000000,?,?,?,?,00000000,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB5E1
                                          • GetWindowLongA.USER32(?,000000F0), ref: 004DB604
                                          • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB62A
                                          • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB66D
                                          • GetWindowRect.USER32(?,?), ref: 004DB6A5
                                          • GetClientRect.USER32(?,?), ref: 004DB6B7
                                          • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB702
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: Window$Rect$Long$ClientMenuMove$Desktop
                                          • String ID:
                                          • API String ID: 3087884050-0
                                          • Opcode ID: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                          • Instruction ID: afb7dc4107877f96dc9ff69242aee4b267e14dc018c2a581ac30f1de2d6509eb
                                          • Opcode Fuzzy Hash: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                          • Instruction Fuzzy Hash: 1C61F7756047009FE714CF79D888FA7B7E9EB98314F108A1EE5AA83344DE74B8088B65
                                          APIs
                                          • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFE8F
                                          • RegQueryValueExW.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFEC1
                                          • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFF52
                                          • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFF84
                                          • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFFF3
                                          • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004D0021
                                          • RegCloseKey.ADVAPI32(00000000), ref: 004D0043
                                            • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: OpenQueryValue$CloseVersion
                                          • String ID: AppData$AppData$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                          • API String ID: 3944000476-502054578
                                          • Opcode ID: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                          • Instruction ID: f72081d33d1e3e5e856db847e9c33e0e25e3821136d69a0383b26c3c547fa845
                                          • Opcode Fuzzy Hash: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                          • Instruction Fuzzy Hash: 0151B2715087017BC725DB50EC95FAB73E8AF88754F00891EF98553381EAB9D80AC7AA
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F606E
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F608D
                                          • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6111
                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F611B
                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F612B
                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6135
                                            • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                            • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                            • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                            • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                            • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                            • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                          • EnterCriticalSection.KERNEL32(?,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F61D1
                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6212
                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F621C
                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6244
                                          • EnterCriticalSection.KERNEL32(?,00000001,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6268
                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62A9
                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62B3
                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62DB
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave
                                          • String ID:
                                          • API String ID: 3168844106-0
                                          • Opcode ID: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                          • Instruction ID: 143f1fb28292c6c8f5848ec82d72cb0c1768edffe3cb57bca7300ec5568bca4f
                                          • Opcode Fuzzy Hash: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                          • Instruction Fuzzy Hash: 2AA1113020430E8BC725DF349854BBBBBB9AF94304F15056EFA5687382DB79E809CB65
                                          APIs
                                          • StartDocA.GDI32(?,00000000), ref: 004D7F29
                                          • GetDeviceCaps.GDI32(?,00000008), ref: 004D7F47
                                          • GetDeviceCaps.GDI32(?,0000000A), ref: 004D7F55
                                          • LPtoDP.GDI32(00000000,00000002), ref: 004D7F83
                                          • GetDeviceCaps.GDI32(00000000,0000006E), ref: 004D7FA0
                                          • GetDeviceCaps.GDI32(00000000,0000006F), ref: 004D7FAE
                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 004D7FBC
                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004D7FD2
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CapsDevice$Start
                                          • String ID: portrait
                                          • API String ID: 1738886688-2504013051
                                          • Opcode ID: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                          • Instruction ID: 78bfa520cedcb1c13f518f393ea8421dc938ea51f70754ce75912898c89e0c82
                                          • Opcode Fuzzy Hash: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                          • Instruction Fuzzy Hash: 7641DFB0604B109FC324DF2AD980A1AFBF5BF98710F108A1EE58A877A1D771E845CF91
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,00000000,?,00000000,00000000,?,004AC0BD,?,?), ref: 004F705A
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F7081
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F709A
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F70A3
                                          • timeGetTime.WINMM(00000000,00000000,00000000,00000000,?), ref: 004F7390
                                          • LeaveCriticalSection.KERNEL32(?,?), ref: 004F73D5
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$Leave$Enter$Timetime
                                          • String ID:
                                          • API String ID: 4022644143-0
                                          • Opcode ID: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                          • Instruction ID: 3d57daaa4b40982c2e4bbac1192c2a7fdd3e5fb289d79a2cbb097eeb1d58369f
                                          • Opcode Fuzzy Hash: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                          • Instruction Fuzzy Hash: 60A12B303083495BC7259F398890BBBBBE59F85700F04456EFA9AC7392DB6CE905D768
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,?,?,00000000,004F7352,?), ref: 004F2A19
                                          • timeGetTime.WINMM ref: 004F2A25
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F2A39
                                          • timeGetTime.WINMM(?), ref: 004F2A46
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F2AD7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$LeaveTimetime$Enter
                                          • String ID: NetStream.Buffer.Empty$NetStream.Buffer.Full$status
                                          • API String ID: 2943255653-4242577526
                                          • Opcode ID: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                          • Instruction ID: adfbc573f46a5ae42de3eb127535f59d6c3a8125dfae6686c248f3bcdabba04f
                                          • Opcode Fuzzy Hash: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                          • Instruction Fuzzy Hash: 33217471740705ABD7308F14DD86B6BB7A4FB50B21F24462BF267966D0C7B4B8408754
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B64,00000002), ref: 004F3ED0
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F3EDE
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F3F20
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$Leave$Enter
                                          • String ID:
                                          • API String ID: 2978645861-0
                                          • Opcode ID: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                          • Instruction ID: 85195bc957575009e4a7604c5a43e45099f91f30af12cfc7e5b33174ac27f883
                                          • Opcode Fuzzy Hash: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                          • Instruction Fuzzy Hash: BF81C0316047494FC724DF39989057BB7F1AF853117148A2FE6A787B81DB38E805CB68
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?), ref: 00401181
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004011B1
                                          • timeGetTime.WINMM ref: 004011C5
                                          • timeGetTime.WINMM ref: 004011D5
                                          • EnterCriticalSection.KERNEL32(?), ref: 004011E3
                                          • LeaveCriticalSection.KERNEL32(?), ref: 0040122A
                                          • timeGetTime.WINMM ref: 0040123E
                                          • EnterCriticalSection.KERNEL32(?), ref: 00401261
                                          • LeaveCriticalSection.KERNEL32(?), ref: 0040129E
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$EnterLeaveTimetime
                                          • String ID:
                                          • API String ID: 3486229058-0
                                          • Opcode ID: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                          • Instruction ID: b4a63a4f06c8fcffd2d454e61e85ed039b73bf68413dd997414ba6e559c29426
                                          • Opcode Fuzzy Hash: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                          • Instruction Fuzzy Hash: 6641D6357003148FCB309F60E80466BB7F4AF6575470486AEE896BB3E1DB38EC459AA5
                                          APIs
                                          • InterlockedExchange.KERNEL32(00000020,00000000), ref: 00411B68
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: ExchangeInterlocked
                                          • String ID: GET$_bytesLoaded$_bytesTotal$_customHeaders$contentType$loaded
                                          • API String ID: 367298776-2876428247
                                          • Opcode ID: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                          • Instruction ID: 337a073203a489cf9af6a636d5e82807fd5ac3b12a53b57697a6972a4ae57270
                                          • Opcode Fuzzy Hash: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                          • Instruction Fuzzy Hash: F6D126706047056BC714EF65D842AABB7E5BF88304F404A2EFA4687392EB38F945C799
                                          APIs
                                          • type_info::operator==.LIBVCRUNTIME ref: 007CE960
                                          • ___TypeMatch.LIBVCRUNTIME ref: 007CEA6E
                                          • _UnwindNestedFrames.LIBCMT ref: 007CEBC0
                                          • CallUnexpected.LIBVCRUNTIME ref: 007CEBDB
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000003.1485815362.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_3_7a0000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                          • String ID: csm$csm$csm
                                          • API String ID: 2751267872-393685449
                                          • Opcode ID: b9ab95a4e47fab344a6e7ab70ab3b70abf1309b41cdc95eee017af9d9d86d884
                                          • Instruction ID: 80a19a395c9a15051bf72db8e440a3931cb9153654a270fcd77bb47acce935fb
                                          • Opcode Fuzzy Hash: b9ab95a4e47fab344a6e7ab70ab3b70abf1309b41cdc95eee017af9d9d86d884
                                          • Instruction Fuzzy Hash: 2FB11871800209EFCF29DFA4C885EAEBBB5BF14310F14456EE8156B212D779EE51CB92
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,004F5BA3,00000000), ref: 004F34EA
                                          • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3537
                                          • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3545
                                          • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3556
                                          • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F355F
                                          • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3594
                                          • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F359D
                                          • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36AD
                                          • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36BB
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$Enter$Leave
                                          • String ID:
                                          • API String ID: 2801635615-0
                                          • Opcode ID: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                          • Instruction ID: 93c01fc31a9ee7373f9c1d93048bf40271cec5808ab28bfcb2eca2428eaae834
                                          • Opcode Fuzzy Hash: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                          • Instruction Fuzzy Hash: 1F51BE3020474A9BD7249F319558BBBBBF8AF84742F04485EE5DEC3361DB28EA08C724
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,?,?,?), ref: 004F3709
                                          • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F374C
                                          • LeaveCriticalSection.KERNEL32(?,?), ref: 004F375C
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F376D
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F377A
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F37A9
                                          • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F37C5
                                          • LeaveCriticalSection.KERNEL32(?,?), ref: 004F37D5
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F37EC
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$Leave$Enter
                                          • String ID:
                                          • API String ID: 2978645861-0
                                          • Opcode ID: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                          • Instruction ID: 1822ab8b2bc00c4b335a7296647f06df4fe24da2c1cedc303b1505dbbb5a7089
                                          • Opcode Fuzzy Hash: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                          • Instruction Fuzzy Hash: 2831D1B11087894BC610AF35A9807EBFBF8BF89714F04499DE5E953251C734AA1DC726
                                          APIs
                                          • _ValidateLocalCookies.LIBCMT ref: 007CD977
                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 007CD97F
                                          • _ValidateLocalCookies.LIBCMT ref: 007CDA08
                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 007CDA33
                                          • _ValidateLocalCookies.LIBCMT ref: 007CDA88
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000003.1485815362.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_3_7a0000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                          • String ID: csm
                                          • API String ID: 1170836740-1018135373
                                          • Opcode ID: 2566e749357cb0ba2efa1a1b021d70087ff1bea505c1d32106b274d3e2014b22
                                          • Instruction ID: 73b477d21b9d6c7fbad3c11516e8685cf2d8cd7839a9f3f5ee876fcc05aaaf28
                                          • Opcode Fuzzy Hash: 2566e749357cb0ba2efa1a1b021d70087ff1bea505c1d32106b274d3e2014b22
                                          • Instruction Fuzzy Hash: 3F416F34A00209DBCF20DF68C885F9EBBB5EF45324F14816DE819AB392D739AD15CB91
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: localhost
                                          • API String ID: 0-2663516195
                                          • Opcode ID: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                          • Instruction ID: cf482c115b2fa46a5b5609c5aae3d134ea41c2cdeafd480f3feffcf81808ee73
                                          • Opcode Fuzzy Hash: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                          • Instruction Fuzzy Hash: 9131ED30208311ABDB20DF249C85BBBB7E5FF95710F004A1EF9559B381E7719948C7A6
                                          APIs
                                          • timeGetTime.WINMM(00000000), ref: 004145E1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: Timetime
                                          • String ID: gfff$gfff$gfff$gfff
                                          • API String ID: 17336451-2178600047
                                          • Opcode ID: 36ada0748ce7ae867fc8d0b968c8e92e83edef51ded80e37bf17f681d92f4674
                                          • Instruction ID: e32ce3efbecf0e845fb5c017bd6949167df468d5a0ad1b28c98723774e94ba96
                                          • Opcode Fuzzy Hash: 36ada0748ce7ae867fc8d0b968c8e92e83edef51ded80e37bf17f681d92f4674
                                          • Instruction Fuzzy Hash: 79C17E313046059BD718DF15C494BEA77A6BFC8704F18856EE8498F382CB79ED42CB9A
                                          APIs
                                          • timeKillEvent.WINMM(?,?,?,00000000,?,0041D4A9), ref: 004D8B13
                                          • Sleep.KERNEL32(00000001,?,0041D4A9), ref: 004D8B2D
                                          • waveOutReset.WINMM(?,?,0041D4A9), ref: 004D8B34
                                          • waveOutUnprepareHeader.WINMM(?,-000013C4,00000020,?,?,0041D4A9), ref: 004D8B5A
                                          • Sleep.KERNEL32(00000001,?,?,0041D4A9), ref: 004D8B63
                                          • waveOutClose.WINMM(?,?,0041D4A9), ref: 004D8B86
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: wave$Sleep$CloseEventHeaderKillResetUnpreparetime
                                          • String ID:
                                          • API String ID: 3030913982-0
                                          • Opcode ID: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                          • Instruction ID: 723e303dfaa0e6e3e16fcc3d7d301ea8209cd941138754b25ec6b12d62c8e06b
                                          • Opcode Fuzzy Hash: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                          • Instruction Fuzzy Hash: 0401ADB5A00214ABC3149F14EC88AAEB7F8FB98B11F00091BF41497301CB79A9598BF5
                                          APIs
                                          • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000,?,?,?,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF94E
                                          • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,-00000001,00000000,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF99D
                                          • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000), ref: 004CF9BF
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID: \\?\
                                          • API String ID: 823142352-4282027825
                                          • Opcode ID: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                          • Instruction ID: d900b4c61e2357813c95f9d4093febd61d3ae0210469f6574eac6d9984f09979
                                          • Opcode Fuzzy Hash: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                          • Instruction Fuzzy Hash: A141C2B5904300BBEB50EB21DC86F1B77A9EB89348F24092EF54597381D63DDC48C7A6
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,00000000,?,?,004DDFDB,000000FF,00000001,004DE7BA), ref: 004DD6FC
                                          • EnterCriticalSection.KERNEL32(?), ref: 004DD71E
                                            • Part of subcall function 004FA760: EnterCriticalSection.KERNEL32(?,?,00000000,0015381C,?,004DD732), ref: 004FA76A
                                            • Part of subcall function 004FA760: LeaveCriticalSection.KERNEL32(?), ref: 004FA77A
                                            • Part of subcall function 004DC9A0: EnterCriticalSection.KERNEL32 ref: 004DCA0C
                                            • Part of subcall function 004DC9A0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 004DCA1D
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004DD741
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004DD744
                                          • EnterCriticalSection.KERNEL32(?), ref: 004DD74C
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004DD771
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004DD774
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$Leave$Enter
                                          • String ID:
                                          • API String ID: 2978645861-0
                                          • Opcode ID: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                          • Instruction ID: 32add75de912499d63db8df7e296ef1919b4cd71e3024a8d459c2c8f380e6b48
                                          • Opcode Fuzzy Hash: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                          • Instruction Fuzzy Hash: 59012975302A155FD324EB2ADC90B6BE3F9AF91354F00842FE546C3750CB64FC058AA9
                                          APIs
                                          • CreateWindowExA.USER32(00000000,STATIC,Dummy,80000000,00000000,00000000,00000005,00000005,00000000,00000000,00000000,00000000), ref: 004D866B
                                          • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 004D8683
                                          • SetWindowLongA.USER32(?,000000FC,004D8520), ref: 004D8690
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: Window$Long$Create
                                          • String ID: Dummy$STATIC
                                          • API String ID: 1733017098-132613206
                                          • Opcode ID: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                          • Instruction ID: 60c9263fdfddd51d1a46959990d996e43c4a0f9c9599785539e6d357df671051
                                          • Opcode Fuzzy Hash: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                          • Instruction Fuzzy Hash: 35F0303138471076E630A66ABC06F57B6EC9B59F31F21071AB319F76E0DAE0F8004A2C
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,00000010,?,00000000,00000000,004EF87C,?,?,004AC02B,?,?), ref: 004F5A80
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F5A8A
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F5B2E
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F5B3D
                                          • EnterCriticalSection.KERNEL32(?,00000002), ref: 004F5B78
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F5B8A
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave
                                          • String ID:
                                          • API String ID: 3168844106-0
                                          • Opcode ID: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                          • Instruction ID: 42192e3c7faa4449eaa7148df56c5331408008ed83f87a65c0d534a8c29348b8
                                          • Opcode Fuzzy Hash: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                          • Instruction Fuzzy Hash: EE41B634300B0D5BD7259F319894BBB77A9AF80704F08415EEB6A8B392DB18FC15D768
                                          APIs
                                          • timeGetTime.WINMM(?,?,?,?,?,?), ref: 004F274C
                                          • EnterCriticalSection.KERNEL32(?,00000000,?,?,?), ref: 004F277D
                                          • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 004F2787
                                          • timeGetTime.WINMM(?,?), ref: 004F2792
                                          • timeGetTime.WINMM(?,?,?,?,?), ref: 004F27C6
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: Timetime$CriticalSection$EnterLeave
                                          • String ID:
                                          • API String ID: 1404962471-0
                                          • Opcode ID: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                          • Instruction ID: 9d8894fa7cd5c1a3a8d1574b016894ebc4e8e1121a62fd2c9071eafdbb47ea2c
                                          • Opcode Fuzzy Hash: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                          • Instruction Fuzzy Hash: B531BC35208B049BC314DF25E9956ABB7F1FFC9720F148A2DE4EA83390DB34A419CB56
                                          APIs
                                          • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 00529421
                                          • Sleep.KERNEL32(00000000,?,08000041,?,?,00529592,?,?), ref: 00529431
                                          • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 0052943A
                                          • InterlockedExchange.KERNEL32(00000378,00000000), ref: 0052944F
                                          • __aulldiv.LIBCMT ref: 0052947B
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: ExchangeInterlocked$Compare$Sleep__aulldiv
                                          • String ID:
                                          • API String ID: 1430435781-0
                                          • Opcode ID: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                          • Instruction ID: c7c6432b147b16162d76303af8a74e071e756cb34c164aed74e4a8b1f06fd785
                                          • Opcode Fuzzy Hash: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                          • Instruction Fuzzy Hash: 9C215AB15007409FD7219F2A9844A67FEFCFFA1705F10851FA45A873A1D7B4A904CB64
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave
                                          • String ID:
                                          • API String ID: 3168844106-0
                                          • Opcode ID: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                          • Instruction ID: 3111dceef54b192a201187cebb12310cd19e01e5115420dd7c98ed3fae01612e
                                          • Opcode Fuzzy Hash: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                          • Instruction Fuzzy Hash: 2921A73520174A4BD710AF66E888BFFB7B8EB60305F00852FEB4643251C779A84ADB64
                                          APIs
                                          • CreateSolidBrush.GDI32(?), ref: 004D802E
                                          • SelectObject.GDI32(?,00000000), ref: 004D8044
                                          • FillRect.USER32(?,?,00000000), ref: 004D8067
                                          • SelectObject.GDI32(?,00000000), ref: 004D8075
                                          • DeleteObject.GDI32(00000000), ref: 004D8078
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: Object$Select$BrushCreateDeleteFillRectSolid
                                          • String ID:
                                          • API String ID: 3777265051-0
                                          • Opcode ID: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                          • Instruction ID: d8a686452ba02d7e488f009474b8275e6b936404318e954abf19810798465268
                                          • Opcode Fuzzy Hash: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                          • Instruction Fuzzy Hash: 76019A752042046FC304DB69ED88C6B7BF8EACD614B000A5DFA8983312E635E806DB71
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E468C
                                          • LeaveCriticalSection.KERNEL32(?,0041D485), ref: 004E46A2
                                          • DeleteCriticalSection.KERNEL32(?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D0
                                          • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D9
                                          • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46E6
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$Delete$EnterLeave
                                          • String ID:
                                          • API String ID: 3104255891-0
                                          • Opcode ID: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                          • Instruction ID: c031ed0988ac34fb64eb35ca7992c3622ed3d26c78e5592643255ae209dbdd49
                                          • Opcode Fuzzy Hash: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                          • Instruction Fuzzy Hash: D101D4B750060C5BC2106B35EC81BAF73A8AFC4214F05051EF54F93241DA68B8088BA1
                                          APIs
                                          • OpenClipboard.USER32(00000000), ref: 004D9C27
                                          • GetClipboardData.USER32(00000001), ref: 004D9C3A
                                          • GetClipboardData.USER32(0000000D), ref: 004D9C42
                                          • GetClipboardData.USER32(00000000), ref: 004D9C4B
                                          • CloseClipboard.USER32 ref: 004D9C56
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: Clipboard$Data$CloseOpen
                                          • String ID:
                                          • API String ID: 464010812-0
                                          • Opcode ID: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                          • Instruction ID: 2f18cbc0f6c8a3dbd26954e8439ab7c802a903eab365c315afdcc22c9d276e9e
                                          • Opcode Fuzzy Hash: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                          • Instruction Fuzzy Hash: 41E09AB230022517EB9026BA6C4CF97A2EC9F54F90F050123F604C6340E6A6CC0457B1
                                          APIs
                                          • GetFileAttributesExA.KERNEL32(?,00000000,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?), ref: 004CFE0F
                                            • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                          • GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852), ref: 004CFDAF
                                          • GetFileAttributesExA.KERNEL32(00000000,00000000,?,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?,00000000), ref: 004CFDED
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: AttributesFile$Version
                                          • String ID: \\?\
                                          • API String ID: 3849939888-4282027825
                                          • Opcode ID: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                          • Instruction ID: f991edffad243b4bd670aca913d189ed867c40d808b57564552852d0b3f79ee3
                                          • Opcode Fuzzy Hash: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                          • Instruction Fuzzy Hash: 6431277A90031067D710AA65AC42FEB73995F85704F54042FF90687352EB6D9C0EC2EA
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 004FA67B
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004FA749
                                            • Part of subcall function 004F9B30: EnterCriticalSection.KERNEL32(?,00000000,?,004FA7A6,?,?,00153804), ref: 004F9B35
                                            • Part of subcall function 004F9B30: LeaveCriticalSection.KERNEL32(?), ref: 004F9B84
                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000100,00000000,00000000,?), ref: 004FA715
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave$ByteCharMultiWide
                                          • String ID: FriendlyName
                                          • API String ID: 904232820-3623505368
                                          • Opcode ID: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                          • Instruction ID: 4f25218f4a75fa1caa45750efdb6ff353ea89136e06b91a5ad3ed6f7a0914714
                                          • Opcode Fuzzy Hash: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                          • Instruction Fuzzy Hash: 9A212A75244301AFD220EB54DC49F5BB7F8BF88714F008A1DFA899B290D774F8098BA6
                                          APIs
                                          • CreateCompatibleDC.GDI32(00000000), ref: 004CADB4
                                          • CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 004CADC8
                                          • GetObjectA.GDI32(00000000,00000018,?), ref: 004CADD8
                                          • DeleteDC.GDI32(00000000), ref: 004CADFF
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: Create$CompatibleDeleteObjectSection
                                          • String ID:
                                          • API String ID: 3137390749-0
                                          • Opcode ID: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                          • Instruction ID: ec125f8efd539a004f5243cd975522e641b23088832de904e1665531ca55df12
                                          • Opcode Fuzzy Hash: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                          • Instruction Fuzzy Hash: 2981AFB56043458FC324CF29D484A67FBF1BF98314F148A6ED58A87712D334E989CBA6
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000003.1485815362.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_3_7a0000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: AdjustPointer
                                          • String ID:
                                          • API String ID: 1740715915-0
                                          • Opcode ID: 4af2649a06a45dc76cd1df25169af1e6e16b6486a0d55f5c75e7710ced2ff155
                                          • Instruction ID: a93507f7373f89f0ff85a9b63645c339ff2de69c3e895bea3d106dbd0d861884
                                          • Opcode Fuzzy Hash: 4af2649a06a45dc76cd1df25169af1e6e16b6486a0d55f5c75e7710ced2ff155
                                          • Instruction Fuzzy Hash: 54510072601206EFDB298F14D985FBAB7A4FF54310F24452DEC069B2A1E779EC81DB90
                                          APIs
                                          • QueryPerformanceCounter.KERNEL32 ref: 0052AFF0
                                          • QueryPerformanceCounter.KERNEL32(?), ref: 0052B016
                                            • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C25F
                                            • Part of subcall function 0040C250: Sleep.KERNEL32(00000000,?,?,0052B390,?,004012F9,00000008), ref: 0040C272
                                            • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C279
                                          • InterlockedExchange.KERNEL32(?,00000000), ref: 0052B050
                                          • QueryPerformanceCounter.KERNEL32(?), ref: 0052B05B
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CounterExchangeInterlockedPerformanceQuery$Compare$Sleep
                                          • String ID:
                                          • API String ID: 188302963-0
                                          • Opcode ID: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                          • Instruction ID: 331ae7ec3883c6fb41667714d1c2397b805b788a0704fbfdebc2abdcd4384ec1
                                          • Opcode Fuzzy Hash: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                          • Instruction Fuzzy Hash: 19212A75604712ABC318DF65D884A9AF7E8BF89300F040A1DE85993780D734F918CBA2
                                          APIs
                                            • Part of subcall function 004E4850: waveInGetNumDevs.WINMM(defaultmicrophone,00000000,?,00000000,?,?,?,?,004E8459,?,?,?,?,?,?,?), ref: 004E489B
                                            • Part of subcall function 004E4C80: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C7E,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E4C8A
                                            • Part of subcall function 004E4C80: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E4CD7
                                            • Part of subcall function 004E3860: EnterCriticalSection.KERNEL32(?,00000000,?,004E5C91,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E3868
                                            • Part of subcall function 004E3860: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E388F
                                            • Part of subcall function 004E5B40: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C9B,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?), ref: 004E5B4C
                                            • Part of subcall function 004E5B40: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5B71
                                          • EnterCriticalSection.KERNEL32(00000004,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E5CA2
                                          • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5CB2
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave$Devswave
                                          • String ID: echosuppression$gain
                                          • API String ID: 967401230-1829011300
                                          • Opcode ID: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                          • Instruction ID: eec625d20ecc8ac728587d7ca18c0fda910ff7f544bd80cb39fcd025b5d808b6
                                          • Opcode Fuzzy Hash: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                          • Instruction Fuzzy Hash: 4C118E35700B449BC711EB67C9A1A2BB3B9BF8871AB15049EE5464B741CB24FC02CBA4
                                          APIs
                                            • Part of subcall function 0050B060: CreateEventA.KERNEL32(00000000,?,00000000,00000000,00000000,00509F02,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E), ref: 0050B06E
                                          • InitializeCriticalSection.KERNEL32(0000007C,00000001,00000001,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E,00549D98,?,?), ref: 00509F34
                                          • InitializeCriticalSection.KERNEL32(00000094,?,?,?,?,?,?,?,?,00153804), ref: 00509F3D
                                          • InitializeCriticalSection.KERNEL32 ref: 00509F6E
                                          • SetEvent.KERNEL32 ref: 00509F74
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalInitializeSection$Event$Create
                                          • String ID:
                                          • API String ID: 662013055-0
                                          • Opcode ID: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                          • Instruction ID: a00b6d7b902e657a52a59b9571d5736a80dfe09fbfe7896e9036a1fe9281f1e6
                                          • Opcode Fuzzy Hash: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                          • Instruction Fuzzy Hash: 9B21C4B1540B049FE320DF6AD884A9BFBE8FF94704F00490EE1AA83661D7B1B405CB61
                                          APIs
                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 007CDEAD
                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 007CDEC6
                                          Memory Dump Source
                                          • Source File: 00000004.00000003.1485815362.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_3_7a0000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: Value___vcrt_
                                          • String ID:
                                          • API String ID: 1426506684-0
                                          • Opcode ID: 5af91477f3fab8113df9f3b3bb695d5f487baed0130933ada832e6682755f51f
                                          • Instruction ID: 7a2976c3ed494013c0fe826b26b4fe6f248fde75f1add784ab675c13f6859036
                                          • Opcode Fuzzy Hash: 5af91477f3fab8113df9f3b3bb695d5f487baed0130933ada832e6682755f51f
                                          • Instruction Fuzzy Hash: 8401D83210A3519EA7343774BC89FA627A8FF557B5B24023EF525491E1EF294C12A250
                                          APIs
                                          • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 004D2AB9
                                          • CreateCompatibleDC.GDI32(00000000), ref: 004D2B3D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CompatibleCreateDirectorySystem
                                          • String ID: Macromed\Flash\
                                          • API String ID: 2606042488-1438515271
                                          • Opcode ID: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                          • Instruction ID: 299e9cb63676f09c6c690dce7675c16131e739682a5e940449f79e26451de6f9
                                          • Opcode Fuzzy Hash: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                          • Instruction Fuzzy Hash: 8F118A711047016FC704EF21EC52AAF77E4BF98704F40491EF19943281DB78A908CFAA
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B22,00000001,000000FF), ref: 004F2BFE
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F2C88
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F2CCE
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F2CF1
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$Leave$Enter
                                          • String ID:
                                          • API String ID: 2978645861-0
                                          • Opcode ID: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                          • Instruction ID: d821757bbb06b5f881817bb4be3b83133dcd2ebdcf47b2e92145d0cebd45ebc1
                                          • Opcode Fuzzy Hash: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                          • Instruction Fuzzy Hash: D631D2762042854FD3248F29D898A3BBBF5EFD9351F19856EE696C7381C779D808C720
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,004F7247,?), ref: 004F64C1
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F64E6
                                          • EnterCriticalSection.KERNEL32(?), ref: 004F64EC
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004F6515
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave
                                          • String ID:
                                          • API String ID: 3168844106-0
                                          • Opcode ID: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                          • Instruction ID: c39e4b2d7a975ea5970b06f88a1f0ae82272a8bb6f48ad921d14b69448efe04b
                                          • Opcode Fuzzy Hash: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                          • Instruction Fuzzy Hash: FC0188352003485BC714EF24D880A77F3A9AF46258B19559DE5C657342CA39EC06CBA4
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?), ref: 0040139D
                                          • LeaveCriticalSection.KERNEL32(?), ref: 004013B3
                                          • EnterCriticalSection.KERNEL32(00000005), ref: 004013CA
                                          • LeaveCriticalSection.KERNEL32(00000005), ref: 004013D8
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.1490276263.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000004.00000002.1490257149.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490778732.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490868987.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000071B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000072A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.0000000000735000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000004.00000002.1490965786.000000000073E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_400000_aHoqCI0AZq.jbxd
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave
                                          • String ID:
                                          • API String ID: 3168844106-0
                                          • Opcode ID: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                          • Instruction ID: 1dc668918495c93d19b35d2f921703afc781594381be1afc9f76799b5a6aac2f
                                          • Opcode Fuzzy Hash: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                          • Instruction Fuzzy Hash: 280112B620070AAFC310CF69D884946FBF8FFA8314B10C55AE95983711C771F956CBA0
                                          APIs
                                          • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 00480326
                                            • Part of subcall function 004800A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 004800CD
                                            • Part of subcall function 004800A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00480279
                                          • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 00480378
                                          • VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 004803E7
                                          • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00480407
                                          • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 0048042E
                                          • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 00480456
                                          • CloseHandle.KERNELBASE(?), ref: 00480471
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000003.1486165042.0000000000480000.00000040.00000001.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_3_480000_svchost.jbxd
                                          Similarity
                                          • API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
                                          • String ID: ,
                                          • API String ID: 3867569247-3772416878
                                          • Opcode ID: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                          • Instruction ID: 5938aa2ab83314a4391a3dc1302c432f1b910660f26f3a7d25dcf66cdeb0915e
                                          • Opcode Fuzzy Hash: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                          • Instruction Fuzzy Hash: DE6131B1900209EFDB50EFA5C884ADEBBB9FF08754F10881AFA59A7241D734E944CF54
                                          APIs
                                          • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 004800CD
                                          • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00480279
                                          Memory Dump Source
                                          • Source File: 00000005.00000003.1486165042.0000000000480000.00000040.00000001.00020000.00000000.sdmp, Offset: 00480000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_3_480000_svchost.jbxd
                                          Similarity
                                          • API ID: Virtual$AllocFree
                                          • String ID:
                                          • API String ID: 2087232378-0
                                          • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                          • Instruction ID: 0e4337cecb8c828e728e4eebc9e65dea70434cb00206a0bf386ca96c046b443f
                                          • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                          • Instruction Fuzzy Hash: EB71BD71E14249DFCB81DF98C885BEEBBF0AF09314F244496E461F7241C278AA85DF29

                                          Execution Graph

                                          Execution Coverage:33.4%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:83.3%
                                          Total number of Nodes:24
                                          Total number of Limit Nodes:0
                                          execution_graph 415 190cd2e1cf4 417 190cd2e1d19 415->417 416 190cd2e1fa1 417->416 426 190cd2e15c0 417->426 419 190cd2e1f98 CloseHandle 419->416 420 190cd2e1f88 NtAcceptConnectPort 420->419 421 190cd2e1e3a 421->419 421->420 422 190cd2e1ecd 421->422 429 190cd2e0ac8 421->429 435 190cd2e1aa4 NtAcceptConnectPort 422->435 427 190cd2e15f4 NtAcceptConnectPort 426->427 427->421 430 190cd2e0c62 429->430 431 190cd2e0ae8 429->431 430->422 431->430 432 190cd2e0be8 NtAcceptConnectPort 431->432 432->430 433 190cd2e0c1b 432->433 433->430 434 190cd2e0c33 NtAcceptConnectPort 433->434 434->430 436 190cd2e1af7 435->436 437 190cd2e1c04 435->437 441 190cd2e1870 436->441 437->420 439 190cd2e1b10 440 190cd2e1bb6 NtAcceptConnectPort 439->440 440->437 442 190cd2e1889 441->442 443 190cd2e1930 GetProcessMitigationPolicy 442->443 444 190cd2e1949 442->444 443->444 444->439

                                          Callgraph

                                          Control-flow Graph

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.1876854248.00000190CD2E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000190CD2E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_190cd2e0000_fontdrvhost.jbxd
                                          Similarity
                                          • API ID: AcceptCloseConnectHandlePort
                                          • String ID:
                                          • API String ID: 3811980168-0
                                          • Opcode ID: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                          • Instruction ID: 13c3b2299e87e3d3f3642756dc1f26147bc7e50235ed8267876d45a514a255e4
                                          • Opcode Fuzzy Hash: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                          • Instruction Fuzzy Hash: C491C830508F088FDB66DF18C4517E5B3E1FB98311F1447AEE49BC7696DA75A84287C1

                                          Control-flow Graph

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.1876854248.00000190CD2E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000190CD2E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_190cd2e0000_fontdrvhost.jbxd
                                          Similarity
                                          • API ID: AcceptConnectPort
                                          • String ID:
                                          • API String ID: 1658770261-0
                                          • Opcode ID: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
                                          • Instruction ID: 2daf606e722933898db1f3f998c97ffa4f2a13f8d01996ae9488af7862a93e8b
                                          • Opcode Fuzzy Hash: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
                                          • Instruction Fuzzy Hash: A7514830518A150EE33DA63898A56B9F7D0F7A9306F3406DED0F3C59D3E924C5479782

                                          Control-flow Graph

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.1876854248.00000190CD2E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000190CD2E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_190cd2e0000_fontdrvhost.jbxd
                                          Similarity
                                          • API ID: AcceptConnectPort$MitigationPolicyProcess
                                          • String ID:
                                          • API String ID: 2923266908-0
                                          • Opcode ID: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
                                          • Instruction ID: 8155a19ebaa4ea09ea93e4e35c71bdaa8e75f26649c1cb3d2b8ed2e04258e61a
                                          • Opcode Fuzzy Hash: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
                                          • Instruction Fuzzy Hash: C441F330208B488FDB45DF2C98897957BD1FB69320F0443AEE85ACB2D7DA34C94587D6

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 118 190cd2e15c0-190cd2e15f2 119 190cd2e15f9-190cd2e15fb 118->119 120 190cd2e15f4-190cd2e15f7 118->120 122 190cd2e15fd-190cd2e1609 119->122 123 190cd2e160b-190cd2e160d 119->123 121 190cd2e161f-190cd2e166d NtAcceptConnectPort 120->121 122->121 124 190cd2e160f-190cd2e161b 123->124 125 190cd2e161d 123->125 124->121 125->121
                                          APIs
                                          • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,00000190CD2E1E3A), ref: 00000190CD2E1654
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.1876854248.00000190CD2E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000190CD2E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_190cd2e0000_fontdrvhost.jbxd
                                          Similarity
                                          • API ID: AcceptConnectPort
                                          • String ID:
                                          • API String ID: 1658770261-0
                                          • Opcode ID: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                          • Instruction ID: fadeae59ea391187459669bc4e6f22f28ac5c046c77adb301960088e55f8f319
                                          • Opcode Fuzzy Hash: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                          • Instruction Fuzzy Hash: BB214F71A08B088FDB59DF18C489AAAB7E1FB78306F140A7FE44AC7660D731D485CB41

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 95 190cd2e1870-190cd2e18a0 call 190cd2e08a4 * 2 100 190cd2e18a6-190cd2e18a9 95->100 101 190cd2e1954-190cd2e195b 95->101 100->101 102 190cd2e18af-190cd2e18b9 100->102 102->101 103 190cd2e18bf-190cd2e18c4 102->103 103->101 104 190cd2e18ca-190cd2e18d7 103->104 104->101 105 190cd2e18d9-190cd2e18e1 104->105 105->101 106 190cd2e18e3-190cd2e18ee 105->106 106->101 107 190cd2e18f0-190cd2e18f7 106->107 107->101 108 190cd2e18f9-190cd2e18fc 107->108 108->101 109 190cd2e18fe-190cd2e1906 108->109 109->101 110 190cd2e1908-190cd2e190b 109->110 110->101 111 190cd2e190d-190cd2e1916 110->111 111->101 112 190cd2e1918-190cd2e191c 111->112 112->101 113 190cd2e191e-190cd2e192e 112->113 113->101 115 190cd2e1930-190cd2e1947 GetProcessMitigationPolicy 113->115 115->101 116 190cd2e1949-190cd2e194e 115->116 116->101 117 190cd2e1950-190cd2e1951 116->117 117->101
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.1876854248.00000190CD2E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000190CD2E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_190cd2e0000_fontdrvhost.jbxd
                                          Similarity
                                          • API ID: MitigationPolicyProcess
                                          • String ID:
                                          • API String ID: 1088084561-0
                                          • Opcode ID: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                          • Instruction ID: ead02ec2902e726b624d77d646daca9a199022ccc2f01b63718b12b6ac94b07d
                                          • Opcode Fuzzy Hash: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                          • Instruction Fuzzy Hash: 3B31A230108A074EEBA79B6988A47F173D0EBA8312F1412FBC015D79D1EB79C989C7A0
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.1876854248.00000190CD2E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000190CD2E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_190cd2e0000_fontdrvhost.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                          • Instruction ID: 1684949b0e2b346c4f6e13502068689c61c9b2d028cdf62c4328b71d82623ec0
                                          • Opcode Fuzzy Hash: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                          • Instruction Fuzzy Hash: CFB01130E2AA00C2E3880E0AB8023A0F2B2C30B300F02B2322002F3220CA28CC08028F