Windows Analysis Report
PCrn0I0aO9.exe

Overview

General Information

Sample name: PCrn0I0aO9.exe
renamed because original name is a hash value
Original sample name: 5ff5a1bf6c25061affee617272ffa06bbc22b44299e7c3535fcdfe8c1f0c34e8.exe
Analysis ID: 1568478
MD5: 2079cc699607e1946c94d546ecf70609
SHA1: cff5254d760f8c0a1648a88bef08e8ba191f5fad
SHA256: 5ff5a1bf6c25061affee617272ffa06bbc22b44299e7c3535fcdfe8c1f0c34e8
Tags: 104-37-175-232Compilazioneprotetticopyrightexeuser-JAMESWT_MHT

Detection

RHADAMANTHYS
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected RHADAMANTHYS Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops large PE files
Injects a PE file into a foreign processes
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
One or more processes crash
PE file contains an invalid checksum
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • PCrn0I0aO9.exe (PID: 7740 cmdline: "C:\Users\user\Desktop\PCrn0I0aO9.exe" MD5: 2079CC699607E1946C94D546ECF70609)
    • PCrn0I0aO9.exe (PID: 7944 cmdline: "C:\Users\user\Desktop\PCrn0I0aO9.exe" MD5: 2079CC699607E1946C94D546ECF70609)
      • svchost.exe (PID: 7988 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
        • fontdrvhost.exe (PID: 8180 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
          • WerFault.exe (PID: 7288 cmdline: C:\Windows\system32\WerFault.exe -u -p 8180 -s 136 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
      • WerFault.exe (PID: 8068 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 408 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Rhadamanthys
Description: According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines. At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
Attribution: Sandworm
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys
{"C2 url": "https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihus"}
Source | Rule | Description | Author | Strings
00000003.00000003.1514526955.0000000000970000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |
00000003.00000003.1516970411.0000000002F10000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
00000004.00000003.1518227439.00000000029E0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |
00000003.00000002.1523626974.0000000000C10000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |
00000004.00000003.1523303392.0000000005030000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |

Source | Rule | Description | Author | Strings
4.3.svchost.exe.5030000.7.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
4.3.svchost.exe.4e10000.6.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
3.3.PCrn0I0aO9.exe.2f10000.6.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
3.3.PCrn0I0aO9.exe.2f10000.6.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
3.3.PCrn0I0aO9.exe.3130000.7.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |

                      System Summary

                      Source: Registry Key set Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\PCrn0I0aO9.exe, ProcessId: 7740, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DiskTuner
                      Source: Process started Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\PCrn0I0aO9.exe", ParentImage: C:\Users\user\Desktop\PCrn0I0aO9.exe, ParentProcessId: 7944, ParentProcessName: PCrn0I0aO9.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 7988, ProcessName: svchost.exe
                      Source: Process started Author: vburov: Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\PCrn0I0aO9.exe", ParentImage: C:\Users\user\Desktop\PCrn0I0aO9.exe, ParentProcessId: 7944, ParentProcessName: PCrn0I0aO9.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 7988, ProcessName: svchost.exe

                      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                      2024-12-04T16:51:24.056703+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 104.37.175.232 | 7716 | 192.168.2.9 | 49747 | TCP

                      AV Detection

                      Source: 0.2.PCrn0I0aO9.exe.24b0000.2.unpack Malware Configuration Extractor: Rhadamanthys {"C2 url": "https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihus"}
                      Source: PCrn0I0aO9.exe ReversingLabs: Detection: 23%
                      Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
                      Source: PCrn0I0aO9.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: Binary string: wkernel32.pdb source: PCrn0I0aO9.exe, 00000003.00000003.1516686412.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1516764700.0000000003030000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1522756810.0000000004F30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1522611378.0000000004E10000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: PCrn0I0aO9.exe, 00000003.00000003.1516970411.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1517158034.0000000003130000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1523303392.0000000005030000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1523051052.0000000004E10000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: PCrn0I0aO9.exe, 00000003.00000003.1515880044.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1516030865.0000000003100000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1519740197.0000000004E10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1520703463.0000000005000000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: PCrn0I0aO9.exe, 00000003.00000003.1516461139.00000000030B0000.00000004.00000001.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1516286954.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1521809741.0000000004E10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1522118066.0000000004FB0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: PCrn0I0aO9.exe, 00000003.00000003.1515880044.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1516030865.0000000003100000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1519740197.0000000004E10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1520703463.0000000005000000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: PCrn0I0aO9.exe, 00000003.00000003.1516461139.00000000030B0000.00000004.00000001.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1516286954.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1521809741.0000000004E10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1522118066.0000000004FB0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: PCrn0I0aO9.exe, 00000003.00000003.1516970411.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1517158034.0000000003130000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1523303392.0000000005030000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1523051052.0000000004E10000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: PCrn0I0aO9.exe, 00000003.00000003.1516686412.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1516764700.0000000003030000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1522756810.0000000004F30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1522611378.0000000004E10000.00000004.00000001.00020000.00000000.sdmp
                      Source: C:\Windows\System32\fontdrvhost.exe Code function: 4x nop then dec esp 8_2_00000256917E0511

                      Networking

                      Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 104.37.175.232:7716 -> 192.168.2.9:49747
                      Source: C:\Windows\SysWOW64\svchost.exe Network Connect: 104.37.175.232 7716
                      Source: Malware configuration extractor URLs: https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihus
                      Source: global traffic TCP traffic: 192.168.2.9:49747 -> 104.37.175.232:7716
                      Source: Joe Sandbox View IP Address: 104.37.175.232
                      Source: Joe Sandbox View ASN Name: MAJESTIC-HOSTING-01US
                      Source: unknown TCP traffic detected without corresponding DNS query: 104.37.175.232
                      Source: PCrn0I0aO9.exe, DiskTuner.exe.0.dr String found in binary or memory: http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch
                      Source: PCrn0I0aO9.exe, DiskTuner.exe.0.dr String found in binary or memory: http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSec
                      Source: PCrn0I0aO9.exe, DiskTuner.exe.0.dr String found in binary or memory: http://www.macromedia.com
                      Source: PCrn0I0aO9.exe, DiskTuner.exe.0.dr String found in binary or memory: http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&amp
                      Source: svchost.exe, 00000004.00000002.1609871786.0000000002D0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1609222167.000000000287C000.00000004.00000010.00020000.00000000.sdmp, fontdrvhost.exe, fontdrvhost.exe, 00000008.00000002.1736925633.00000256917E0000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihus
                      Source: svchost.exe, 00000004.00000002.1609871786.0000000002D0C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000008.00000002.1736925633.00000256917E0000.00000040.00000001.00020000.00000000.sdmp String found in binary or memory: https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihuskernelbasentdllkernel32GetProcessMitig
                      Source: svchost.exe, 00000004.00000002.1609222167.000000000287C000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihusx
                      Source: svchost.exe, 00000004.00000003.1542040398.0000000002DA1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cloudflare-dns.com/dns-query
                      Source: svchost.exe, 00000004.00000003.1542040398.0000000002DA1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi
                      Source: PCrn0I0aO9.exe, DiskTuner.exe.0.dr String found in binary or memory: https://www.macromedia.com/bin/flashdownload.cgi
                      Source: PCrn0I0aO9.exe, DiskTuner.exe.0.dr String found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exe Code function: 0_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,0_2_004D9AB0
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exe Code function: 3_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,3_2_004D9AB0
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exe Code function: 0_2_004D9C20 OpenClipboard,GetClipboardData,GetClipboardData,GetClipboardData,GetClipboardData,CloseClipboard,0_2_004D9C20
                      Source: PCrn0I0aO9.exe, 00000003.00000003.1516970411.0000000002F10000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: DirectInput8Create memstr_8c36fe98-3
                      Source: PCrn0I0aO9.exe, 00000003.00000003.1516970411.0000000002F10000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: GetRawInputData memstr_aeba5d58-e
                      Source: Yara match File source: 4.3.svchost.exe.5030000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 4.3.svchost.exe.4e10000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 3.3.PCrn0I0aO9.exe.2f10000.6.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 3.3.PCrn0I0aO9.exe.2f10000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 3.3.PCrn0I0aO9.exe.3130000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000003.00000003.1516970411.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000004.00000003.1523303392.0000000005030000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000003.00000003.1517158034.0000000003130000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000004.00000003.1523051052.0000000004E10000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: PCrn0I0aO9.exe PID: 7944, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: svchost.exe PID: 7988, type: MEMORYSTR

                      System Summary

                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exe File dump: DiskTuner.exe.0.dr 979567349
                      Source: C:\Windows\System32\fontdrvhost.exe Code function: 8_2_00000256917E0AC8 NtAcceptConnectPort,NtAcceptConnectPort,8_2_00000256917E0AC8
                      Source: C:\Windows\System32\fontdrvhost.exe Code function: 8_2_00000256917E15C0 NtAcceptConnectPort,8_2_00000256917E15C0
                      Source: C:\Windows\System32\fontdrvhost.exe Code function: 8_2_00000256917E1CF4 NtAcceptConnectPort,CloseHandle,8_2_00000256917E1CF4
                      Source: C:\Windows\System32\fontdrvhost.exe Code function: 8_2_00000256917E1AA4 NtAcceptConnectPort,NtAcceptConnectPort,8_2_00000256917E1AA4
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exe Code function: String function: 00435140 appears 66 times
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exe Code function: String function: 007CCD90 appears 33 times
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exe Code function: String function: 004C9120 appears 58 times
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exe Code function: String function: 00435350 appears 68 times
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 408
                      Source: PCrn0I0aO9.exeBinary or memory string: OriginalFilename vs PCrn0I0aO9.exe
                      Source: PCrn0I0aO9.exe, 00000000.00000002.1548531951.0000000002762000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs PCrn0I0aO9.exe
                      Source: PCrn0I0aO9.exe, 00000000.00000002.1547797068.00000000006A9000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs PCrn0I0aO9.exe
                      Source: PCrn0I0aO9.exe, 00000000.00000002.1547797068.00000000006A9000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs PCrn0I0aO9.exe
                      Source: PCrn0I0aO9.exe, 00000000.00000000.1342021872.0000000000628000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs PCrn0I0aO9.exe
                      Source: PCrn0I0aO9.exe, 00000000.00000002.1548348947.00000000024F9000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs PCrn0I0aO9.exe
                      Source: PCrn0I0aO9.exe, 00000003.00000003.1515880044.0000000003088000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PCrn0I0aO9.exe
                      Source: PCrn0I0aO9.exe, 00000003.00000003.1516286954.0000000003033000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PCrn0I0aO9.exe
                      Source: PCrn0I0aO9.exe, 00000003.00000003.1516970411.0000000002F10000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKernelbase.dllj% vs PCrn0I0aO9.exe
                      Source: PCrn0I0aO9.exe, 00000003.00000003.1518037946.00000000007E9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs PCrn0I0aO9.exe
                      Source: PCrn0I0aO9.exe, 00000003.00000003.1517158034.0000000003311000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKernelbase.dllj% vs PCrn0I0aO9.exe
                      Source: PCrn0I0aO9.exe, 00000003.00000000.1503123008.0000000000628000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs PCrn0I0aO9.exe
                      Source: PCrn0I0aO9.exe, 00000003.00000003.1516764700.0000000003080000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs PCrn0I0aO9.exe
                      Source: PCrn0I0aO9.exe, 00000003.00000003.1516686412.0000000002FA2000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs PCrn0I0aO9.exe
                      Source: PCrn0I0aO9.exe, 00000003.00000003.1516686412.0000000002F10000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs PCrn0I0aO9.exe
                      Source: PCrn0I0aO9.exe, 00000003.00000003.1514791334.00000000007E9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs PCrn0I0aO9.exe
                      Source: PCrn0I0aO9.exe, 00000003.00000003.1516461139.00000000031DD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PCrn0I0aO9.exe
                      Source: PCrn0I0aO9.exe, 00000003.00000003.1516030865.0000000003286000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PCrn0I0aO9.exe
                      Source: PCrn0I0aO9.exe, 00000003.00000003.1516764700.0000000003030000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs PCrn0I0aO9.exe
                      Source: PCrn0I0aO9.exeBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs PCrn0I0aO9.exe
                      Source: PCrn0I0aO9.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: PCrn0I0aO9.exe, 00000000.00000002.1547797068.00000000006A9000.00000040.00000001.01000000.00000003.sdmp, PCrn0I0aO9.exe, 00000000.00000002.1548348947.00000000024F9000.00000040.00001000.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1518037946.00000000007E9000.00000040.00000400.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1514791334.00000000007E9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: .a_po^ ojYd.o B U.R G v.Q_F& ZNH K.9.sV`OQ qOq_A( N5.j P.X z.k.Yf_HL.P.L`.C Ue_q_B_t.h{_yr\=A f.3_q_Fvb_H_bm W.UP#.by_iY.Yw I.Y_G p.3c g.Zy S v.U.N C_m Z_i.H_j B l_DH_Pd.iz_O.f~ U z_Mv_d7 T Mz.f.594/}_m kS.v.D u.rZu.S G.N_x.V J.Q.G FO^.X<.6_fv.V ny.L,_E.2.m I_l.b$ Mx sZ.K! p.Y.U.V:U.89 R_H F3.d_R A UQ.C_y y Y Jb.Q_S.N.s< l_Ab~[_w9zV?!C9.N_HQ)*_n R.tP Ww_u aU;.V EPk Xr.Q0.y.A!]_b!7 g.R_pF.E_b o.o.q.o_E.T_rdfw.c}_ck.4.Y_w:_P.B(#`_xy_i.3_Y.A_N.q.6.YE_S_T.R H n.R_d_F.V.s_R68).I aL q.H b.W.Q!.r b_w c c$_va.X_v.tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_C_Q.e J q7E V P.LP_Q.kTN_c.F.D gc.hT_s_Q1
                      Source: PCrn0I0aO9.exe, PCrn0I0aO9.exe, 00000000.00000002.1547797068.00000000006A9000.00000040.00000001.01000000.00000003.sdmp, PCrn0I0aO9.exe, 00000000.00000002.1548348947.00000000024F9000.00000040.00001000.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1518037946.00000000007E9000.00000040.00000400.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1514791334.00000000007E9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: .tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_
                      Source: classification engineClassification label: mal100.troj.evad.winEXE@9/6@0/1
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 0_2_004F9340 CoCreateInstance,0_2_004F9340
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeFile created: C:\Users\user\Videos\DiskTunerJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-47c6bd2c-b184-e8d685-d520ae930867}
                      Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess8180
                      Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\ee949ea5-4f58-4423-a5e8-536fd943fe93Jump to behavior
                      Source: PCrn0I0aO9.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: PCrn0I0aO9.exeReversingLabs: Detection: 23%
                      Source: PCrn0I0aO9.exeString found in binary or memory: ms-help:
                      Source: PCrn0I0aO9.exeString found in binary or memory: B_flashuseCodepageStandAloneWIN 8,0,22,0A=%b&SA=%b&SV=%b&EV=%b&MP3=%b&AE=%b&VE=%b&ACC=%b&PR=%b&SP=%b&SB=%b&DEB=%b&V=%s%s&PT=%s&AVD=%b&LFD=%b&WD=%b%20http://%s/scriptms-help:mk:ms-itss:ms-its:its:vshelp:local:shell:
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeFile read: C:\Users\user\Desktop\PCrn0I0aO9.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\PCrn0I0aO9.exe "C:\Users\user\Desktop\PCrn0I0aO9.exe"
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeProcess created: C:\Users\user\Desktop\PCrn0I0aO9.exe "C:\Users\user\Desktop\PCrn0I0aO9.exe"
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 408
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\System32\fontdrvhost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 8180 -s 136
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeProcess created: C:\Users\user\Desktop\PCrn0I0aO9.exe "C:\Users\user\Desktop\PCrn0I0aO9.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeSection loaded: wsock32.dllJump to behavior
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeSection loaded: k7rn7l32.dllJump to behavior
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeSection loaded: ntd3ll.dllJump to behavior
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: powrprof.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: umpdc.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32Jump to behavior
                      Source: PCrn0I0aO9.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                      Source: PCrn0I0aO9.exeStatic file information: File size 2981888 > 1048576
                      Source: PCrn0I0aO9.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x13c000
                      Source: PCrn0I0aO9.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x175000
                      Source: Binary string: wkernel32.pdb source: PCrn0I0aO9.exe, 00000003.00000003.1516686412.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1516764700.0000000003030000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1522756810.0000000004F30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1522611378.0000000004E10000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: PCrn0I0aO9.exe, 00000003.00000003.1516970411.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1517158034.0000000003130000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1523303392.0000000005030000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1523051052.0000000004E10000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: PCrn0I0aO9.exe, 00000003.00000003.1515880044.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1516030865.0000000003100000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1519740197.0000000004E10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1520703463.0000000005000000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: PCrn0I0aO9.exe, 00000003.00000003.1516461139.00000000030B0000.00000004.00000001.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1516286954.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1521809741.0000000004E10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1522118066.0000000004FB0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: PCrn0I0aO9.exe, 00000003.00000003.1515880044.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1516030865.0000000003100000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1519740197.0000000004E10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1520703463.0000000005000000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: PCrn0I0aO9.exe, 00000003.00000003.1516461139.00000000030B0000.00000004.00000001.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1516286954.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1521809741.0000000004E10000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1522118066.0000000004FB0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: PCrn0I0aO9.exe, 00000003.00000003.1516970411.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1517158034.0000000003130000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1523303392.0000000005030000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1523051052.0000000004E10000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: PCrn0I0aO9.exe, 00000003.00000003.1516686412.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1516764700.0000000003030000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1522756810.0000000004F30000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1522611378.0000000004E10000.00000004.00000001.00020000.00000000.sdmp
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 0_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004D7960
                      Source: PCrn0I0aO9.exeStatic PE information: real checksum: 0x241059 should be: 0x2d961a
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 0_2_004CA770 push eax; ret 0_2_004CA784
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 0_2_004CA770 push eax; ret 0_2_004CA7AC
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_3_007DB86D push ebx; ret 3_3_007DB864
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_3_007DA840 push ebp; retf 3_3_007DA841
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_3_007DE83C pushad ; ret 3_3_007DE841
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_3_007DE80E push eax; iretd 3_3_007DE81D
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_3_007DA0F9 push FFFFFF82h; iretd 3_3_007DA0FB
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_3_007DD8A0 push 0000002Eh; iretd 3_3_007DD8A2
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_3_007D8904 push ecx; ret 3_3_007D8917
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_3_007DB1DD push eax; ret 3_3_007DB1DF
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_3_007DE586 pushad ; retf 3_3_007DE599
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_3_007D9F6A push eax; ret 3_3_007D9F75
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_3_007DB70B push ebx; ret 3_3_007DB864
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_2_004381E0 push ecx; retf 3_2_004382AC
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_2_004381A0 push ecx; retf 3_2_004382AC
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_2_004CA770 push eax; ret 3_2_004CA784
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_2_004CA770 push eax; ret 3_2_004CA7AC
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_2_00434C60 push edi; retf 3_2_00434D5F
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_2_00434CF0 push edi; retf 3_2_00434D5F
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_2_00434C90 push edi; retf 3_2_00434D5F
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_2_00434CB0 push edi; retf 3_2_00434D5F
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_2_00447D60 push ecx; retf 3_2_00447E0D
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_2_00436DB0 push ecx; retf 3_2_00436EEF
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_028A588E push eax; iretd 4_3_028A589D
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_028A58BC pushad ; ret 4_3_028A58C1
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_028A18C0 push ebp; retf 4_3_028A18C1
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_028A28ED push ebx; ret 4_3_028A28E4
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_028A5606 pushad ; retf 4_3_028A5619
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_028A6012 push 00000038h; iretd 4_3_028A601D
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_028A225D push eax; ret 4_3_028A225F
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_028A278B push ebx; ret 4_3_028A28E4
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeFile created: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exeJump to dropped file
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiskTunerJump to behavior

                      Hooking and other Techniques for Hiding and Protection

                      Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (31).png
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 0_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004D7960
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeAPI/Special instruction interceptor: Address: 7FF90818D044
                      Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FF90818D044
                      Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 516B83A
                      Source: PCrn0I0aO9.exe, 00000000.00000002.1547797068.00000000006A9000.00000040.00000001.01000000.00000003.sdmp, PCrn0I0aO9.exe, 00000000.00000002.1548348947.00000000024F9000.00000040.00001000.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1518037946.00000000007E9000.00000040.00000400.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1514791334.00000000007E9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
                      Source: PCrn0I0aO9.exeBinary or memory string: CFF EXPLORER.EXE
                      Source: PCrn0I0aO9.exe, 00000000.00000002.1547797068.00000000006A9000.00000040.00000001.01000000.00000003.sdmp, PCrn0I0aO9.exe, 00000000.00000002.1548348947.00000000024F9000.00000040.00001000.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1518037946.00000000007E9000.00000040.00000400.00020000.00000000.sdmp, PCrn0I0aO9.exe, 00000003.00000003.1514791334.00000000007E9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: INTERNALNAMECFF EXPLORER.EXE
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeDropped PE file which has not been started: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exeJump to dropped file
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeAPI coverage: 0.4 %
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: svchost.exe, 00000004.00000003.1523051052.0000000004E10000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                      Source: svchost.exe, 00000004.00000002.1609682437.0000000002C43000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: svchost.exe, 00000004.00000002.1609682437.0000000002C43000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
                      Source: svchost.exe, 00000004.00000003.1523051052.0000000004E10000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                      Source: svchost.exe, 00000004.00000002.1609835726.0000000002C5C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWRSVP UDP Service Provider
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_3_007D9098 VirtualAlloc,LdrInitializeThunk,VirtualFree,3_3_007D9098
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 0_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004D7960
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 3_3_007D9277 mov eax, dword ptr fs:[00000030h]3_3_007D9277
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_028A0283 mov eax, dword ptr fs:[00000030h]4_3_028A0283
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeCode function: 0_2_0052B440 GetProcessHeap,HeapAlloc,0_2_0052B440
                      Source: C:\Users\user\Desktop\PCrn0I0aO9.exeProcess created: C:\Users\user\Desktop\PCrn0I0aO9.exe "C:\Users\user\Desktop\PCrn0I0aO9.exe"Jump to behavior

                      HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\SysWOW64\svchost.exe | Network Connect: 104.37.175.232 7716
Source: C:\Users\user\Desktop\PCrn0I0aO9.exe | Memory written: C:\Users\user\Desktop\PCrn0I0aO9.exe base: 7A0000 value starts with: 4D5A
Source: C:\Users\user\Desktop\PCrn0I0aO9.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
Source: C:\Windows\SysWOW64\svchost.exe | Process created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
Source: C:\Users\user\Desktop\PCrn0I0aO9.exe | Code function: 3_3_007CCDD5 cpuid 3_3_007CCDD5
Source: C:\Users\user\Desktop\PCrn0I0aO9.exe | Code function: GetCurrentThreadId,GetKeyboardLayout,GetLocaleInfoA,0_2_004C9670
Source: C:\Users\user\Desktop\PCrn0I0aO9.exe | Code function: GetCurrentThreadId,GetKeyboardLayout,GetLocaleInfoA,3_2_004C9670
Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\PCrn0I0aO9.exe | Code function: 0_2_004CE5B0 GetSystemTime,GetTimeZoneInformation,0_2_004CE5B0
Source: C:\Users\user\Desktop\PCrn0I0aO9.exe | Code function: 0_2_004CE5B0 GetSystemTime,GetTimeZoneInformation,0_2_004CE5B0
Source: C:\Users\user\Desktop\PCrn0I0aO9.exe | Code function: 0_2_004CB0E0 GetVersionExA,0_2_004CB0E0
Source: C:\Windows\SysWOW64\svchost.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

Source: Yara match | File source: 00000003.00000003.1514526955.0000000000970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000003.1518227439.00000000029E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.1523626974.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1610365109.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                      Remote Access Functionality

Source: Yara match | File source: 00000003.00000003.1514526955.0000000000970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000003.1518227439.00000000029E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.1523626974.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1610365109.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 211 Process Injection | 11 Masquerading | 21 Input Capture | 2 System Time Discovery | Remote Services | 21 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 1 Virtualization/Sandbox Evasion | LSASS Memory | 221 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 Native API | Logon Script (Windows) | 1 DLL Side-Loading | 1 Disable or Modify Tools | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 3 Clipboard Data | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 211 Process Injection | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 135 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| PCrn0I0aO9.exe | 24% | ReversingLabs | | |

                      No Antivirus matches
                      No Antivirus matches
                      No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihusx | 0% | Avira URL Cloud | safe | |
| https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihus | 0% | Avira URL Cloud | safe | |
| https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihuskernelbasentdllkernel32GetProcessMitig | 0% | Avira URL Cloud | safe | |

                      No contacted domains info

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihus | true | Avira URL Cloud: safe | unknown |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihusx | svchost.exe, 00000004.00000002.1609222167.000000000287C000.00000004.00000010.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://cloudflare-dns.com/dns-query | svchost.exe, 00000004.00000003.1542040398.0000000002DA1000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://www.macromedia.com | PCrn0I0aO9.exe, DiskTuner.exe.0.dr | false | | high |
| https://104.37.175.232:7716/a77586b5414f862b919/3o3m5nij.fihuskernelbasentdllkernel32GetProcessMitig | svchost.exe, 00000004.00000002.1609871786.0000000002D0C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000008.00000002.1736925633.00000256917E0000.00000040.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi | svchost.exe, 00000004.00000003.1542040398.0000000002DA1000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch | PCrn0I0aO9.exe, DiskTuner.exe.0.dr | false | | high |
| http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSec | PCrn0I0aO9.exe, DiskTuner.exe.0.dr | false | | high |
| http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&amp | PCrn0I0aO9.exe, DiskTuner.exe.0.dr | false | | high |
| https://www.macromedia.com/bin/flashdownload.cgi | PCrn0I0aO9.exe, DiskTuner.exe.0.dr | false | | high |
| https://www.macromedia.com/support/flashplayer/sys/ | PCrn0I0aO9.exe, DiskTuner.exe.0.dr | false | | high |

| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 104.37.175.232 | unknown | United States | | 396073 | MAJESTIC-HOSTING-01US | true |

                                      Joe Sandbox version:41.0.0 Charoite
                                      Analysis ID:1568478
                                      Start date and time:2024-12-04 16:50:10 +01:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:0h 7m 53s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Number of analysed new started processes analysed:15
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample name:PCrn0I0aO9.exe
                                      renamed because original name is a hash value
                                      Original Sample Name:5ff5a1bf6c25061affee617272ffa06bbc22b44299e7c3535fcdfe8c1f0c34e8.exe
                                      Detection:MAL
                                      Classification:mal100.troj.evad.winEXE@9/6@0/1
                                      EGA Information:
                                      • Successful, ratio: 50%
                                      HCA Information:Failed
                                      Cookbook Comments:
                                      • Found application associated with file extension: .exe
                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                      • Excluded IPs from analysis (whitelisted): 13.89.179.12
                                      • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com
                                      • Execution Graph export aborted for target PCrn0I0aO9.exe, PID 7944 because there are no executed function
                                      • Execution Graph export aborted for target svchost.exe, PID 7988 because there are no executed function
                                      • Not all processes where analyzed, report is missing behavior information
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                      • VT rate limit hit for: PCrn0I0aO9.exe

| Time | Type | Description |
|---|---|---|
| 10:51:40 | API Interceptor | 1x Sleep call for process: WerFault.exe modified |
| 15:51:26 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run DiskTuner C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe |
| 15:51:34 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run DiskTuner C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 104.37.175.232 | ZtnN5sSpDk.exe | malicious | RHADAMANTHYS | |
| | Readme.lnk.download.lnk | malicious | RHADAMANTHYS | |
| | 098aPtSbmd.bat | malicious | RHADAMANTHYS | |
| | loader.ps1.bat | malicious | RHADAMANTHYS | |
| | readme.exe | malicious | RHADAMANTHYS | |
| | Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnk | malicious | RHADAMANTHYS | |

                                                  No context

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| MAJESTIC-HOSTING-01US | aHoqCI0AZq.exe | malicious | RHADAMANTHYS | 104.37.175.221 |
| | LJqzegzQl0.exe | malicious | RHADAMANTHYS | 104.37.175.221 |
| | ZtnN5sSpDk.exe | malicious | RHADAMANTHYS | 104.37.175.232 |
| | wg7SDQAffQ.exe | malicious | RHADAMANTHYS | 104.37.175.221 |
| | Readme.lnk.download.lnk | malicious | RHADAMANTHYS | 104.37.175.232 |
| | 098aPtSbmd.bat | malicious | RHADAMANTHYS | 104.37.175.232 |
| | loader.ps1.bat | malicious | RHADAMANTHYS | 104.37.175.232 |
| | readme.exe | malicious | RHADAMANTHYS | 104.37.175.232 |
| | Documenti relativi alla violazione dei diritti di propriet#U00e0 intellettuale.lnk | malicious | RHADAMANTHYS | 104.37.175.232 |
| | loligang.ppc.elf | malicious | Mirai | 191.96.140.127 |

                                                  No context
                                                  No context
                                                  Process:C:\Windows\System32\WerFault.exe
                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):65536
                                                  Entropy (8bit):0.6600215209544147
                                                  Encrypted:false
                                                  SSDEEP:96:KbWfGFpwu3eDqigKJ6Zs3Wrk41yHpHS2QXIDcQkc6tcEycw3ZUtzJzQ+HbHgrZ2r:8zVkHn6ZxR0apYKjqzuiFfZ24lO8JO
                                                  MD5:1138C525669148EA210EEEFB0656A8B9
                                                  SHA1:C3A6685006938C404CBFBF584472A65EA00AF593
                                                  SHA-256:DCECD003A770DD202AA7A772137A66FDDCA532B1D5DC041E06ABC964558107E8
                                                  SHA-512:8F70C4B4D9C9F31E52CCC17F3389D33415A8B0FF36150BC21448927D77F98FAF778A4D3D3ADA7565D73C44A3349EAE54DBC9967C5240E59F5DADF3327A6E1781
                                                  Malicious:false
                                                  Reputation:low
                                                  Process:C:\Windows\System32\WerFault.exe
                                                  File Type:Mini DuMP crash report, 14 streams, Wed Dec 4 15:51:31 2024, 0x1205a4 type
                                                  Category:dropped
                                                  Size (bytes):48566
                                                  Entropy (8bit):1.2503924839829603
                                                  Encrypted:false
                                                  SSDEEP:96:5D8gW3QPRQlbyUUo7i7fWcvUO9bOnIIIhSfWgRbiFfYlgbl/SxWINNpIg3U:KgcQ0U+OPbuIIIhSfNilYlgpSvE
                                                  MD5:BA3143BF4733A48F5B8A940ABD3ADF07
                                                  SHA1:C4A07E16B4E0D85C17717A3358DED8EA6C90EA01
                                                  SHA-256:CBFB271485C8A0F561B2859E117E328A215075D157009D665CC5E9EEE51991D7
                                                  SHA-512:987F4C73F0B7A91D0DE1622608EA4C3845CF75A23F865B2E704F5F68BE80158F59F148D8BDFD818477F4A0C0F19ACB2BF57318B7B43AA914D9416C5CC7564634
                                                  Malicious:false
                                                  Reputation:low
                                                  Process:C:\Windows\System32\WerFault.exe
                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):8622
                                                  Entropy (8bit):3.691630145346484
                                                  Encrypted:false
                                                  SSDEEP:192:R6l7wVeJLYEK3MUe6Y3GwD3gmfr57vopDT89brvQf65Zm:R6lXJ0ET6YWwD3gmfrFvRrYf6W
                                                  MD5:9603780BE0E5DFED0862C105D5F96E4F
                                                  SHA1:DBFBB7DC872D2DCC238D87A904878465C7A06BFD
                                                  SHA-256:91D90E3891A4509BA131650447D5E7A5617093AA6E1B56890E8CFDFAED57730A
                                                  SHA-512:A1885A795EA6C127F945645C8EE0B1336C86DFA00AF0902742CD1F29009AE3D2AAAC657D3A71855EF1F0C068563EE308F5FF881A3A18EAB5079713F7F18315D5
                                                  Malicious:false
                                                  Reputation:low
                                                  Process:C:\Windows\System32\WerFault.exe
                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):4853
                                                  Entropy (8bit):4.443538927828899
                                                  Encrypted:false
                                                  SSDEEP:48:cvIwWl8zsZVJg771I91iWpW8VYhFPYm8M4Jk5LvM6Fa2yq8vU5LvML3aMuAFd:uIjfNI7ej7V+SJcjMqWsjM71uKd
                                                  MD5:73499A5B65852571FB94F53C90E3D8BC
                                                  SHA1:23D17EDBAF3E8045DB387AF39183223BEA42B84D
                                                  SHA-256:235453890A692FD9CD0ED3F9930E90E90935FD2DBAC6A6C7A3FAB2E3D9C9D411
                                                  SHA-512:24CFBFD1A23F276C37130E9C1FA06C3A5AF3D46A7F8CDB3D96D57A8640F0C7DEFEB44A05EB3AD5930C8FA96954727AE5DB1DDFBFCDB2814718A30244AAC062A5
                                                  Malicious:false
                                                  Reputation:low
                                                  Process:C:\Users\user\Desktop\PCrn0I0aO9.exe
                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):979567349
                                                  Entropy (8bit):0.04635168865251436
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:816E6155D5B67947E168AFF0CC34A1EF
                                                  SHA1:8F521251B8AEAE9BAC30F638C013E784195F288B
                                                  SHA-256:E588C5BD9912C4CC4FF8A905CE578D8E069AA4987F829DFDDCF271E449568CFD
                                                  SHA-512:8A96D7AEDBA31BBF154B402AA08B63C84EADE20A152CEF7E721D7750D619EA0E5A2D9DA1039C4DCB25525A92AFB13FADD964031D6766FB01B64FE10D69DE7D83
                                                  Malicious:false
                                                  Reputation:low
                                                  Process:C:\Windows\System32\WerFault.exe
                                                  File Type:MS Windows registry file, NT/2000 or above
                                                  Category:dropped
                                                  Size (bytes):1835008
                                                  Entropy (8bit):4.394662745621621
                                                  Encrypted:false
                                                  SSDEEP:6144:rl4fiJoH0ncNXiUjt10qCG/gaocYGBoaUMMhA2NX4WABlBuNAROBSqa:p4vFCMYQUMM6VFYSRU
                                                  MD5:1CF3C7E8250A5FDF84DA92A9F964671E
                                                  SHA1:CB2F0051597BE3D7D4FF9F7E10C12AD541C79E2F
                                                  SHA-256:C9CB0E167EA1468E18CC79940E912ABC649037E06FE5EF1B80365C7D1096DB70
                                                  SHA-512:9A231393F9A100EC3C3B0F8E39C49F6040BA35E3284E3F1AD410213DA0389D64AC07B367261F2BC7CC3E0E64D719C70E2DCBA204C68D17341D4B7BF3BD41D0EC
                                                  Malicious:false
                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                  Entropy (8bit):6.969133303477061
                                                  TrID:
                                                  • Win32 Executable (generic) a (10002005/4) 99.40%
                                                  • InstallShield setup (43055/19) 0.43%
                                                  • Windows Screen Saver (13104/52) 0.13%
                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                  • DOS Executable Generic (2002/1) 0.02%
                                                  File name:PCrn0I0aO9.exe
                                                  File size:2'981'888 bytes
                                                  MD5:2079cc699607e1946c94d546ecf70609
                                                  SHA1:cff5254d760f8c0a1648a88bef08e8ba191f5fad
                                                  SHA256:5ff5a1bf6c25061affee617272ffa06bbc22b44299e7c3535fcdfe8c1f0c34e8
                                                  SHA512:ebedec2a66f7019410dd250608cb8263a7ee457750f11e2f69b56f3a7ae728d79d6fdd297443e00b15328648cc89d986065560920fd07e3d7ddc5b1f4bea23c4
                                                  SSDEEP:49152:SVHFXSzmqiDqCbm1gickVsPTwuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuTuuuuT:SVHFXSzmqsegfkVsMuuuuuuuuuuuuuu0
                                                  TLSH:8BD5AE41F28181B1DD5276B05273D6B54672AEF8A73A80CF61D63F1B3B722E25A33346
                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................z.......................z...............#...............................................Rich...................
                                                  Icon Hash:c5a684988c94a0c5
                                                  Entrypoint:0x4dc300
                                                  Entrypoint Section:.text
                                                  Digitally signed:false
                                                  Imagebase:0x400000
                                                  Subsystem:windows gui
                                                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                  DLL Characteristics:NO_SEH
                                                  Time Stamp:0x4310D1EE [Sat Aug 27 20:49:50 2005 UTC]
                                                  TLS Callbacks:
                                                  CLR (.Net) Version:
                                                  OS Version Major:4
                                                  OS Version Minor:0
                                                  File Version Major:4
                                                  File Version Minor:0
                                                  Subsystem Version Major:4
                                                  Subsystem Version Minor:0
                                                  Import Hash:6cd1955b3508e1b7bae36e00ef841662
                                                  Instruction
                                                  sub esp, 44h
                                                  push esi
                                                  call dword ptr [0053D228h]
                                                  mov esi, eax
                                                  mov al, byte ptr [esi]
                                                  cmp al, 22h
                                                  call 00007F18C076AC40h
                                                  inc esi
                                                  cmp al, 22h
                                                  je 00007F18C081AC4Ah
                                                  test al, al
                                                  jne 00007F18C081AC36h
                                                  cmp al, 22h
                                                  jne 00007F18C081AC58h
                                                  inc esi
                                                  jmp 00007F18C081AC55h
                                                  cmp al, 20h
                                                  jbe 00007F18C081AC51h
                                                  lea esp, dword ptr [esp+00000000h]
                                                  mov al, byte ptr [esi+01h]
                                                  inc esi
                                                  cmp al, 20h
                                                  jnbe 00007F18C081AC3Ah
                                                  mov al, byte ptr [esi]
                                                  test al, al
                                                  je 00007F18C081AC50h
                                                  mov edi, edi
                                                  cmp al, 20h
                                                  jnbe 00007F18C081AC4Ah
                                                  mov al, byte ptr [esi+01h]
                                                  inc esi
                                                  test al, al
                                                  jne 00007F18C081AC36h
                                                  lea eax, dword ptr [esp+04h]
                                                  push eax
                                                  mov dword ptr [esp+34h], 00000000h
                                                  call dword ptr [0053D270h]
                                                  test byte ptr [esp+30h], 00000001h
                                                  movzx eax, word ptr [esp+34h]
                                                  jne 00007F18C081AC47h
                                                  mov eax, 0000000Ah
                                                  push eax
                                                  push esi
                                                  push 00000000h
                                                  push 00000000h
                                                  call dword ptr [0053D224h]
                                                  push eax
                                                  call 00007F18C081A843h
                                                  push eax
                                                  call dword ptr [0053D220h]
                                                  pop esi
                                                  int3
                                                  int3
                                                  int3
                                                  int3
                                                  int3
                                                  int3
                                                  movzx edx, byte ptr [ecx+0Dh]
                                                  xor eax, eax
                                                  mov ah, byte ptr [ecx+0Fh]
                                                  mov al, byte ptr [ecx+0Ch]
                                                  movzx ecx, byte ptr [ecx+0Eh]
                                                  shl eax, 08h
                                                  or eax, edx
                                                  shl eax, 08h
                                                  or eax, ecx
                                                  ret
                                                  int3
                                                  int3
                                                  int3
                                                  int3
                                                  int3
                                                  mov eax, ecx
                                                  mov dword ptr [eax], 00000000h
                                                  mov dword ptr [eax+04h], 00000000h
                                                  ret
                                                  push esi
                                                  push edi
                                                  mov esi, ecx
                                                  call dword ptr [0000D518h]
                                                  Programming Language:
                                                  • [ C ] VS2003 (.NET) build 3077
                                                  • [C++] VS2003 (.NET) build 3077
                                                  • [RES] VS2003 (.NET) build 3077
                                                  • [LNK] VS2003 (.NET) build 3077
                                                  Name                                  Virtual Address  Virtual Size  Is in Section
                                                  IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_IMPORT          0x152e18         0x118         .rdata
                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE        0x228000         0x1746d4      .rsrc
                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_IAT             0x13d000         0x598         .rdata
                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
                                                  Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy            Characteristics
                                                  .text   0x1000           0x13bc90      0x13c000  a098c7e84ad5a36a04535e1c3b73e500  False     0.5445657078223892  data       6.741499573740984  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                  .rdata  0x13d000         0x17c84       0x18000   7985ce6b5d14c95b3d11911cc6832e60  False     0.5450439453125     data       6.199908013459288  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                  .data   0x155000         0xd2908       0xe000    33ed2020b692083bf67c882b0e6ea252  False     0.7456926618303571  data       7.206453493549018  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                  .rsrc   0x228000         0x1746d4      0x175000  11df198fa594d99d53262111d9a3cd00  False     0.4497921204758713  data       6.806940900058616  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                  RT_CURSOR0x229a4c0x134dataEnglishUnited States0.275974025974026
                                                  RT_CURSOR0x229b800xb4dataEnglishUnited States0.6444444444444445
                                                  RT_CURSOR0x229c340x134Targa image data - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.39935064935064934
                                                  RT_CURSOR0x229d680xb4Targa image data - RLE 32 x 65536 x 1 +16 "\001"EnglishUnited States0.8944444444444445
                                                  RT_CURSOR0x229e1c0x134dataEnglishUnited States0.12012987012987013
                                                  RT_ICON0x229f500x668Device independent bitmap graphic, 48 x 96 x 4, image size 1152EnglishUnited States0.3225609756097561
                                                  RT_ICON0x22a5b80x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512EnglishUnited States0.43951612903225806
                                                  RT_ICON0x22a8a00x1e8Device independent bitmap graphic, 24 x 48 x 4, image size 288EnglishUnited States0.4016393442622951
                                                  RT_ICON0x22aa880x128Device independent bitmap graphic, 16 x 32 x 4, image size 128EnglishUnited States0.4831081081081081
                                                  RT_ICON0x22abb00x35e0PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9907192575406032
                                                  RT_ICON0x22e1900xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsEnglishUnited States0.4584221748400853
                                                  RT_ICON0x22f0380x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States0.47382671480144406
                                                  RT_ICON0x22f8e00x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsEnglishUnited States0.45564516129032256
                                                  RT_ICON0x22ffa80x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishUnited States0.3504335260115607
                                                  RT_ICON0x2305100x668Device independent bitmap graphic, 48 x 96 x 4, image size 0EnglishUnited States0.1774390243902439
                                                  RT_ICON0x230b780x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishUnited States0.26344086021505375
                                                  RT_ICON0x230e600x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishUnited States0.46621621621621623
                                                  RT_ICON0x230f880xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishUnited States0.5335820895522388
                                                  RT_ICON0x231e300x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishUnited States0.5478339350180506
                                                  RT_ICON0x2326d80x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishUnited States0.41401734104046245
                                                  RT_ICON0x232c400x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.34865145228215766
                                                  RT_ICON0x2351e80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.36538461538461536
                                                  RT_ICON0x2362900x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.6462765957446809
                                                  RT_ICON0x2366f80x668Device independent bitmap graphic, 48 x 96 x 4, image size 0EnglishUnited States0.27987804878048783
                                                  RT_ICON0x236d600x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishUnited States0.40860215053763443
                                                  RT_ICON0x2370480x1e8Device independent bitmap graphic, 24 x 48 x 4, image size 0EnglishUnited States0.47540983606557374
                                                  RT_ICON0x2372300x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishUnited States0.5506756756756757
                                                  RT_ICON0x2373580xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishUnited States0.4650852878464819
                                                  RT_ICON0x2382000x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishUnited States0.677797833935018
                                                  RT_ICON0x238aa80x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 0EnglishUnited States0.7534562211981567
                                                  RT_ICON0x2391700x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishUnited States0.8034682080924855
                                                  RT_ICON0x2396d80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.32676348547717843
                                                  RT_ICON0x23bc800x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.4547373358348968
                                                  RT_ICON0x23cd280x988Device independent bitmap graphic, 24 x 48 x 32, image size 0EnglishUnited States0.5823770491803278
                                                  RT_ICON0x23d6b00x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.600177304964539
                                                  RT_ICON0x23db180x10828Device independent bitmap graphic, 128 x 256 x 32, image size 67584EnglishUnited States0.07868508221933042
                                                  RT_ICON0x24e3400x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 38016EnglishUnited States0.15114568005045195
                                                  RT_ICON0x2577e80x67e8Device independent bitmap graphic, 80 x 160 x 32, image size 26560EnglishUnited States0.1543233082706767
                                                  RT_ICON0x25dfd00x5488Device independent bitmap graphic, 72 x 144 x 32, image size 21600EnglishUnited States0.175184842883549
                                                  RT_ICON0x2634580x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16896EnglishUnited States0.15948275862068967
                                                  RT_ICON0x2676800x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.24107883817427386
                                                  RT_ICON0x269c280x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.2678236397748593
                                                  RT_ICON0x26acd00x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.37459016393442623
                                                  RT_ICON0x26b6580x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.42819148936170215
                                                  RT_ICON0x26bac00x668Device independent bitmap graphic, 48 x 96 x 4, image size 11520.3225609756097561
                                                  RT_ICON0x26c1280x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 5120.43951612903225806
                                                  RT_ICON0x26c4100x1e8Device independent bitmap graphic, 24 x 48 x 4, image size 2880.4016393442622951
                                                  RT_ICON0x26c5f80x128Device independent bitmap graphic, 16 x 32 x 4, image size 1280.4831081081081081
                                                  RT_ICON0x26c7200x35e0PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9907192575406032
                                                  RT_ICON0x26fd000xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors0.4584221748400853
                                                  RT_ICON0x270ba80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors0.47382671480144406
                                                  RT_ICON0x2714500x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors0.45564516129032256
                                                  RT_ICON0x271b180x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors0.3504335260115607
                                                  RT_ICON0x2720800x10828Device independent bitmap graphic, 128 x 256 x 32, image size 675840.07868508221933042
                                                  RT_ICON0x2828a80x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 380160.15114568005045195
                                                  RT_ICON0x28bd500x67e8Device independent bitmap graphic, 80 x 160 x 32, image size 265600.1543233082706767
                                                  RT_ICON0x2925380x5488Device independent bitmap graphic, 72 x 144 x 32, image size 216000.175184842883549
                                                  RT_ICON0x2979c00x4228Device independent bitmap graphic, 64 x 128 x 32, image size 168960.15948275862068967
                                                  RT_ICON0x29bbe80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 96000.24107883817427386
                                                  RT_ICON0x29e1900x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 42240.2678236397748593
                                                  RT_ICON0x29f2380x988Device independent bitmap graphic, 24 x 48 x 32, image size 24000.37459016393442623
                                                  RT_ICON0x29fbc00x468Device independent bitmap graphic, 16 x 32 x 32, image size 10880.42819148936170215
                                                  RT_MENU0x2a00280x280dataChineseTaiwan0.55
                                                  RT_MENU0x2a02a80x350dataGermanGermany0.46226415094339623
                                                  RT_MENU0x2a05f80x2f2dataEnglishUnited States0.46419098143236076
                                                  RT_MENU0x2a08ec0x34cdataFrenchFrance0.45260663507109006
                                                  RT_MENU0x2a0c380x356dataItalianItaly0.4601873536299766
                                                  RT_MENU0x2a0f900x2c0dataJapaneseJapan0.5539772727272727
                                                  RT_MENU0x2a12500x2c4dataKoreanNorth Korea0.5706214689265536
                                                  RT_MENU0x2a12500x2c4dataKoreanSouth Korea0.5706214689265536
                                                  RT_MENU0x2a15140x286dataChineseChina0.5479876160990712
                                                  RT_MENU0x2a179c0x336data0.46228710462287104
                                                  RT_MENU0x2a1ad40x116dataChineseTaiwan0.7086330935251799
                                                  RT_MENU0x2a1bec0x20adataGermanGermany0.5268199233716475
                                                  RT_MENU0x2a1df80x1d2dataEnglishUnited States0.5343347639484979
                                                  RT_MENU0x2a1fcc0x220dataFrenchFrance0.5055147058823529
                                                  RT_MENU0x2a21ec0x1fedataItalianItaly0.515686274509804
                                                  RT_MENU0x2a23ec0x146dataJapaneseJapan0.7239263803680982
                                                  RT_MENU0x2a25340x144dataKoreanNorth Korea0.7253086419753086
                                                  RT_MENU0x2a25340x144dataKoreanSouth Korea0.7253086419753086
                                                  RT_MENU0x2a26780x12edataChineseChina0.7019867549668874
                                                  RT_MENU0x2a27a80x1f4data0.536
                                                  RT_MENU0x2a299c0x6adataChineseTaiwan0.7452830188679245
                                                  RT_MENU0x2a2a080x9cdataGermanGermany0.7115384615384616
                                                  RT_MENU0x2a2aa40x70dataEnglishUnited States0.75
                                                  RT_MENU0x2a2b140x90dataFrenchFrance0.6805555555555556
                                                  RT_MENU0x2a2ba40x88dataItalianItaly0.7205882352941176
                                                  RT_MENU0x2a2c2c0x78dataJapaneseJapan0.75
                                                  RT_MENU0x2a2ca40x78dataKoreanNorth Korea0.7833333333333333
                                                  RT_MENU0x2a2ca40x78dataKoreanSouth Korea0.7833333333333333
                                                  RT_MENU0x2a2d1c0x6adataChineseChina0.7452830188679245
                                                  RT_MENU0x2a2d880x8cdata0.6857142857142857
                                                  RT_MENU0x2a2e140x22dataChineseTaiwan1.1764705882352942
                                                  RT_MENU0x2a2e380x4adataGermanGermany0.8378378378378378
                                                  RT_MENU0x2a2e840x34dataEnglishUnited States1.0
                                                  RT_MENU0x2a2eb80x3edataFrenchFrance0.9193548387096774
                                                  RT_MENU0x2a2ef80x42dataItalianItaly0.9545454545454546
                                                  RT_MENU0x2a2f3c0x28dataJapaneseJapan1.125
                                                  RT_MENU0x2a2f640x24dataKoreanNorth Korea1.1944444444444444
                                                  RT_MENU0x2a2f640x24dataKoreanSouth Korea1.1944444444444444
                                                  RT_MENU0x2a2f880x22dataChineseChina1.1764705882352942
                                                  RT_MENU0x2a2fac0x3cdata1.0166666666666666
                                                  RT_DIALOG0x2a2fe80x1a6dataChineseTaiwan0.5284360189573459
                                                  RT_DIALOG0x2a31900x1a6dataGermanGermany0.523696682464455
                                                  RT_DIALOG0x2a33380x1a6dataEnglishUnited States0.523696682464455
                                                  RT_DIALOG0x2a34e00x1a6dataFrenchFrance0.523696682464455
                                                  RT_DIALOG0x2a36880x1a6dataItalianItaly0.523696682464455
                                                  RT_DIALOG0x2a38300x19edataJapaneseJapan0.538647342995169
                                                  RT_DIALOG0x2a39d00x1a6dataKoreanNorth Korea0.5284360189573459
                                                  RT_DIALOG0x2a39d00x1a6dataKoreanSouth Korea0.5284360189573459
                                                  RT_DIALOG0x2a3b780x1a6dataChineseChina0.5260663507109005
                                                  RT_DIALOG0x2a3d200x1aedata0.5302325581395348
                                                  RT_DIALOG0x2a3ed00x140dataChineseTaiwan0.70625
                                                  RT_DIALOG0x2a40100x1d8dataGermanGermany0.5614406779661016
                                                  RT_DIALOG0x2a41e80x1cadataEnglishUnited States0.5633187772925764
                                                  RT_DIALOG0x2a43b40x1bcdataFrenchFrance0.5968468468468469
                                                  RT_DIALOG0x2a45700x18cdataItalianItaly0.6035353535353535
                                                  RT_DIALOG0x2a46fc0x162dataJapaneseJapan0.7457627118644068
                                                  RT_DIALOG0x2a48600x144dataKoreanNorth Korea0.7376543209876543
                                                  RT_DIALOG0x2a48600x144dataKoreanSouth Korea0.7376543209876543
                                                  RT_DIALOG0x2a49a40x138dataChineseChina0.6987179487179487
                                                  RT_DIALOG0x2a4adc0x1cedata0.5757575757575758
                                                  RT_DIALOG0x2a4cac0x2cadataChineseTaiwan0.5714285714285714
                                                  RT_DIALOG0x2a4f780x4cedataGermanGermany0.4056910569105691
                                                  RT_DIALOG0x2a54480x448dataEnglishUnited States0.39507299270072993
                                                  RT_DIALOG0x2a58900x4f8dataFrenchFrance0.3977987421383648
                                                  RT_DIALOG0x2a5d880x49cdataItalianItaly0.38813559322033897
                                                  RT_DIALOG0x2a62240x34edataJapaneseJapan0.5721040189125296
                                                  RT_DIALOG0x2a65740x32edataKoreanNorth Korea0.5675675675675675
                                                  RT_DIALOG0x2a65740x32edataKoreanSouth Korea0.5675675675675675
                                                  RT_DIALOG0x2a68a40x2c2dataChineseChina0.5722379603399433
                                                  RT_DIALOG0x2a6b680x48edata0.3936535162950257
                                                  RT_STRING0x2a6ff80xeedataChineseTaiwan0.5378151260504201
                                                  RT_STRING0x2a70e80x10adataGermanGermany0.5225563909774437
                                                  RT_STRING0x2a71f40x104dataEnglishUnited States0.5076923076923077
                                                  RT_STRING0x2a72f80x116dataFrenchFrance0.5215827338129496
                                                  RT_STRING0x2a74100x10cdataItalianItaly0.5111940298507462
                                                  RT_STRING0x2a751c0xfcdataJapaneseJapan0.5674603174603174
                                                  RT_STRING0x2a76180xf0dataKoreanNorth Korea0.5625
                                                  RT_STRING0x2a76180xf0dataKoreanSouth Korea0.5625
                                                  RT_STRING0x2a77080xeedataChineseChina0.542016806722689
RT_STRING | 0x2a77f8 | 0x116 | data |  |  | 0.5179856115107914
RT_STRING | 0x2a7910 | 0xde | Matlab v4 mat-file (little endian) Gr-N\011g, numeric, rows 0, columns 0 | Chinese | Taiwan | 0.6891891891891891
RT_STRING | 0x2a79f0 | 0x204 | Matlab v4 mat-file (little endian) a, numeric, rows 0, columns 0 | German | Germany | 0.4573643410852713
RT_STRING | 0x2a7bf4 | 0x1aa | Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0 | English | United States | 0.4624413145539906
RT_STRING | 0x2a7da0 | 0x20a | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | French | France | 0.4521072796934866
RT_STRING | 0x2a7fac | 0x1ac | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | Italian | Italy | 0.4532710280373832
RT_STRING | 0x2a8158 | 0x116 | Matlab v4 mat-file (little endian) \3740\3230\3740\205Qn0\2710\2570\3520\3270\3100L0\237S\340Vg0 , numeric, rows 0, columns 0 | Japanese | Japan | 0.6438848920863309
RT_STRING | 0x2a8270 | 0x100 | Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0 | Korean | North Korea | 0.796875
RT_STRING | 0x2a8270 | 0x100 | Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0 | Korean | South Korea | 0.796875
RT_STRING | 0x2a8370 | 0xe0 | Matlab v4 mat-file (little endian) Gr-N\204v\320g*N\032\201,g\374[\364\201 , numeric, rows 0, columns 0 | Chinese | China | 0.6696428571428571
RT_STRING | 0x2a8450 | 0x1a8 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 |  |  | 0.5070754716981132
RT_STRING | 0x2a85f8 | 0x56 | Matlab v4 mat-file (little endian) \326S\201\211, numeric, rows 0, columns 0 | Chinese | Taiwan | 0.5348837209302325
RT_STRING | 0x2a8650 | 0x110 | Matlab v4 mat-file (little endian) \344, numeric, rows 0, columns 0 | German | Germany | 0.41544117647058826
RT_STRING | 0x2a8760 | 0xca | Matlab v4 mat-file (little endian) e, numeric, rows 0, columns 0 | English | United States | 0.45544554455445546
RT_STRING | 0x2a882c | 0x106 | Matlab v4 mat-file (little endian) h, numeric, rows 0, columns 0 | French | France | 0.44274809160305345
RT_STRING | 0x2a8934 | 0xfa | Matlab v4 mat-file (little endian) e, numeric, rows 0, columns 0 | Italian | Italy | 0.384
RT_STRING | 0x2a8a30 | 0x8e | Matlab v4 mat-file (little endian) \2420\3030\3270\3550\3740\3110Y0\2130\3250\2410\2440\3530\2220x\220\236bW0~0Y0 , numeric, rows 0, columns 0 | Japanese | Japan | 0.5
RT_STRING | 0x2a8ac0 | 0x7c | data | Korean | North Korea | 0.6290322580645161
RT_STRING | 0x2a8ac0 | 0x7c | data | Korean | South Korea | 0.6290322580645161
RT_STRING | 0x2a8b3c | 0x5c | Matlab v4 mat-file (little endian) \351b\201\211, numeric, rows 0, columns 0 | Chinese | China | 0.4891304347826087
RT_STRING | 0x2a8b98 | 0x138 | Matlab v4 mat-file (little endian) e, numeric, rows 0, columns 0 |  |  | 0.4166666666666667
RT_STRING | 0x2a8cd0 | 0x52 | data | Chinese | Taiwan | 0.8536585365853658
RT_STRING | 0x2a8d24 | 0xaa | data | German | Germany | 0.6
RT_STRING | 0x2a8dd0 | 0x98 | data | English | United States | 0.6052631578947368
RT_STRING | 0x2a8e68 | 0xd6 | data | French | France | 0.5373831775700935
RT_STRING | 0x2a8f40 | 0xaa | data | Italian | Italy | 0.5764705882352941
RT_STRING | 0x2a8fec | 0x70 | data | Japanese | Japan | 0.7857142857142857
RT_STRING | 0x2a905c | 0x58 | data | Korean | North Korea | 0.8977272727272727
RT_STRING | 0x2a905c | 0x58 | data | Korean | South Korea | 0.8977272727272727
RT_STRING | 0x2a90b4 | 0x52 | data | Chinese | China | 0.8048780487804879
RT_STRING | 0x2a9108 | 0xc8 | data |  |  | 0.54
RT_ACCELERATOR | 0x2a91d0 | 0x80 | data | English | United States | 0.6875
RT_GROUP_CURSOR | 0x2a9250 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States | 1.0294117647058822
RT_GROUP_CURSOR | 0x2a9274 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States | 1.0
RT_GROUP_CURSOR | 0x2a9298 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_ICON | 0x2a92ac | 0x126 | data |  |  | 0.5544217687074829
RT_GROUP_ICON | 0x2a93d4 | 0x102 | data | English | United States | 0.6046511627906976
RT_GROUP_ICON | 0x2a94d8 | 0xae | data | English | United States | 0.6206896551724138
RT_GROUP_ICON | 0x2a9588 | 0x84 | data | English | United States | 0.6363636363636364
RT_VERSION | 0x2a960c | 0x3c4 | data | English | United States | 0.4221991701244813
RT_DLGINCLUDE | 0x2a99d0 | 0x6dc36 | PC bitmap, Windows 3.x format, 56374 x 2 x 44, image size 450306, cbSize 449590, bits offset 54 |  |  | 0.6995529259992438
RT_ANIICON | 0x317608 | 0xe52e | PC bitmap, Windows 3.x format, 7462 x 2 x 45, image size 58788, cbSize 58670, bits offset 54 |  |  | 0.3828532469746037
RT_ANIICON | 0x325b38 | 0xadb5 | PC bitmap, Windows 3.x format, 6091 x 2 x 54, image size 44877, cbSize 44469, bits offset 54 |  |  | 0.3292181069958848
RT_ANIICON | 0x3308f0 | 0xc408 | PC bitmap, Windows 3.x format, 6487 x 2 x 36, image size 50833, cbSize 50184, bits offset 54 |  |  | 0.3397895743663319
RT_ANIICON | 0x33ccf8 | 0x3251c | PC bitmap, Windows 3.x format, 26260 x 2 x 36, image size 206180, cbSize 206108, bits offset 54 |  |  | 0.4970597938944631
RT_ANIICON | 0x36f214 | 0x2d4bf | PC bitmap, Windows 3.x format, 23999 x 2 x 52, image size 185728, cbSize 185535, bits offset 54 |  |  | 0.4973832430538712

DLL | Import
WSOCK32.dll | setsockopt, gethostbyname, htonl, ioctlsocket, htons, WSAStartup, ntohl, WSACleanup
WININET.dll | HttpQueryInfoA
CRYPT32.dll | CertFreeCertificateContext, CertVerifySubjectCertificateContext, CertFindCertificateInStore, CertCreateCertificateContext, CryptGetMessageCertificates, CryptVerifyMessageSignature, CertCloseStore
VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
WINMM.dll | waveInStop, waveInAddBuffer, waveInStart, waveInGetNumDevs, waveOutGetNumDevs, waveInClose, waveOutGetDevCapsA, waveOutPrepareHeader, waveOutWrite, waveOutReset, waveOutUnprepareHeader, waveInReset, waveInUnprepareHeader, waveInPrepareHeader, waveInOpen, waveInGetDevCapsA, timeGetTime, waveOutClose, waveOutOpen, timeKillEvent, timeSetEvent, timeGetDevCaps, timeBeginPeriod, timeEndPeriod
KERNEL32.dll | GetSystemInfo, GetUserDefaultLangID, ExitThread, GlobalFree, GetFileAttributesA, GetFileAttributesW, LockResource, LoadResource, FindResourceExA, FindResourceExW, GlobalAlloc, CreateThread, GetTimeZoneInformation, GetSystemTime, SystemTimeToFileTime, DeleteFileA, DeleteFileW, MoveFileA, VirtualQuery, RemoveDirectoryA, RemoveDirectoryW, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, ReadFile, WriteFile, GetTempFileNameA, GetTempPathA, GetTempFileNameW, GetTempPathW, SetFilePointer, GetFileSize, GetFileAttributesExA, GetFileAttributesExW, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindClose, GetSystemDirectoryA, GetModuleFileNameA, MoveFileExA, CreateMutexA, ReleaseMutex, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, WaitForSingleObject, WideCharToMultiByte, GlobalUnlock, GlobalLock, IsDBCSLeadByteEx, lstrlenA, SetEndOfFile, CopyFileA, CopyFileW, GetModuleFileNameW, GetCommandLineW, ExitProcess, GetModuleHandleA, GetCommandLineA, GetProcessTimes, GetCurrentProcess, CreateEventA, SetEvent, TlsAlloc, SetThreadPriority, InterlockedIncrement, InterlockedDecrement, ResetEvent, WaitForMultipleObjects, VirtualFree, VirtualAlloc, GetThreadPriority, GetCurrentThread, GetSystemDefaultLangID, FreeLibrary, GetLastError, GetStartupInfoA, CreateProcessA, CloseHandle, LCMapStringW, LCMapStringA, GetTickCount, GetCurrentThreadId, GetLocaleInfoA, SetErrorMode, LoadLibraryA, GetProcAddress, QueryPerformanceCounter, QueryPerformanceFrequency, IsDBCSLeadByte, GetACP, GetCPInfo, MultiByteToWideChar, GetVersionExA, InterlockedExchange, InterlockedCompareExchange, Sleep, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, HeapAlloc, GetProcessHeap, MoveFileW, HeapFree
USER32.dll | GetSubMenu, LoadMenuA, SetTimer, KillTimer, GetClientRect, ScreenToClient, GetCursorPos, SetCursor, LoadCursorA, EndPaint, BeginPaint, GetMenu, DestroyWindow, GetFocus, WindowFromPoint, GetCapture, ReleaseCapture, SetCapture, TrackPopupMenu, ClientToScreen, DeleteMenu, GetMenuItemID, IsWindow, DefWindowProcA, GetWindowLongA, CreateWindowExA, RegisterClipboardFormatA, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, SetClipboardData, EmptyClipboard, InsertMenuA, InsertMenuW, RemoveMenu, GetWindow, UnregisterClassA, LoadStringW, MoveWindow, SetMenu, UpdateWindow, ShowWindow, SetDlgItemTextA, SetDlgItemTextW, EnableWindow, GetDlgItemTextA, GetWindowTextLengthA, DestroyMenu, GetWindowTextLengthW, PostQuitMessage, GetMenuStringA, GetMenuStringW, RegisterClassA, DispatchMessageA, TranslateMessage, TranslateAcceleratorA, GetMessageA, LoadAcceleratorsA, PostThreadMessageA, GetQueueStatus, PeekMessageA, MsgWaitForMultipleObjects, RegisterWindowMessageA, SystemParametersInfoA, DialogBoxIndirectParamW, DialogBoxIndirectParamA, PostMessageA, EndDialog, SetWindowLongA, GetParent, GetWindowRect, GetDesktopWindow, SetWindowPos, LoadIconA, GetDlgItem, SendMessageA, SetWindowTextA, SetFocus, GetMenuItemCount, GetMenuItemInfoA, GetSystemMetrics, InsertMenuItemA, DdeInitializeA, DdeCreateStringHandleA, DdeConnect, DdeClientTransaction, DdeDisconnect, DdeFreeStringHandle, DdeUninitialize, SendInput, GetKeyboardLayout, GetDC, ReleaseDC, GetDoubleClickTime, LoadStringA, EnableMenuItem, CheckMenuItem, InvalidateRect, WaitForInputIdle, MapVirtualKeyA, FillRect, GetKeyState, DialogBoxParamW, DialogBoxParamA, GetDlgItemTextW, MessageBoxA
GDI32.dll | GetTextMetricsA, GetClipRgn, SetTextColor, ExtTextOutW, ExtTextOutA, CreateRectRgn, GetTextAlign, GetBkMode, GetTextColor, EnumFontFamiliesA, SetTextCharacterExtra, BeginPath, EndPage, DPtoLP, FillPath, ExtCreatePen, StrokePath, EndDoc, StartDocA, LPtoDP, CreateSolidBrush, GetClipBox, GetSystemPaletteEntries, CreatePalette, GetTextExtentPoint32A, CreatePen, GetBkColor, SetBkColor, GetCurrentObject, GetTextExtentPoint32W, EndPath, SetPolyFillMode, MoveToEx, LineTo, PolyBezierTo, SelectClipPath, SaveDC, RestoreDC, GdiFlush, DeleteObject, SelectObject, StretchDIBits, SetDIBitsToDevice, CreateCompatibleBitmap, GetObjectA, CreateCompatibleDC, DeleteDC, CreateDIBSection, GetDeviceCaps, BitBlt, RealizePalette, SelectPalette, GetStockObject, CreateFontIndirectA, SetBkMode, SetTextAlign, IntersectClipRect, SelectClipRgn, StartPage
comdlg32.dll | GetOpenFileNameA, PrintDlgA, GetOpenFileNameW, GetSaveFileNameW, CommDlgExtendedError, GetSaveFileNameA
ADVAPI32.dll | RegCloseKey, RegQueryValueExA, RegOpenKeyExA, RegQueryValueExW, RegOpenKeyExW, RegSetValueExA, RegCreateKeyA, RegSetValueA
SHELL32.dll | DragQueryFileA, DragAcceptFiles, SHBrowseForFolderA, SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHAppBarMessage, DragQueryFileW
ole32.dll | CoTaskMemAlloc, CoFreeUnusedLibraries, CoInitialize, CoUninitialize, CoCreateInstance, CoTaskMemFree

Language of compilation system | Country where language is spoken
English | United States
Chinese | Taiwan
German | Germany
French | France
Italian | Italy
Japanese | Japan
Korean | North Korea
Korean | South Korea
Chinese | China

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-04T16:51:24.056703+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 104.37.175.232 | 7716 | 192.168.2.9 | 49747 | TCP

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                  Dec 4, 2024 16:51:25.295767069 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.298903942 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.299118996 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.299174070 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.300892115 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.301253080 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.301314116 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.302846909 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.303155899 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.303247929 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.304781914 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.304996014 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.305058002 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.306730032 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.306936026 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.307003975 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.308672905 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.308892965 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.308947086 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.310636997 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.310812950 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.310869932 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.312650919 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.312839985 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.312906981 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.314654112 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.314940929 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.314997911 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.317117929 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.317300081 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.317363977 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.319125891 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.319309950 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.319376945 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.321055889 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.321221113 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.321280003 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.322712898 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.322896957 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.322962999 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.324338913 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.324486971 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.324541092 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.326258898 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.326481104 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.326536894 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.328135967 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.328361034 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.328416109 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.330122948 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.330328941 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.330388069 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.332068920 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.332268000 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.332356930 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.334007978 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.334217072 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.334275961 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.336004972 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.336188078 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.336239100 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.337923050 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.338131905 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.338187933 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.339813948 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.394840956 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.438705921 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.438932896 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.438977957 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.439637899 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.439944983 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.439991951 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.441580057 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.441807985 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.441848040 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.443497896 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.443695068 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.443739891 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.445441008 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.445632935 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.445681095 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.448442936 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.449301958 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.449343920 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.449765921 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.449779034 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.449831009 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.450714111 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.450994968 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.451040030 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.452493906 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.452641964 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.452685118 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.454165936 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.454370975 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.454411983 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.455801964 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.456075907 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.456125021 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.457397938 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.457700014 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.457741976 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.459563971 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.459695101 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.459738016 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.460725069 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.460943937 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.461004019 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.462199926 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.462414026 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.462454081 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.463705063 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.463937998 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.463994026 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.465285063 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.465440989 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.465483904 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.466773033 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.467001915 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.467047930 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.468358040 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.468585968 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.468647957 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.470010996 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.470191956 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.470232964 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.471465111 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.471657038 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.471698999 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.472975969 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.473201990 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.473239899 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.474509954 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.474739075 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.474781990 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.476053953 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.476264000 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.476305008 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.477585077 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.477794886 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.477848053 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.479130030 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.479341984 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.479386091 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.480736971 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.480921030 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.480957031 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.482255936 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.482467890 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.482515097 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.483803988 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.484016895 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.484055996 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.485330105 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.485560894 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.485600948 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.486991882 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.487236977 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.487282991 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.488460064 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.488706112 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.488749027 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.489999056 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.490212917 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.490252018 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.491772890 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.492024899 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.492070913 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.493145943 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.493345976 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.493386030 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.494573116 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.494824886 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.494872093 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.496145010 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.496361017 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.496402979 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.498102903 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.498488903 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.498534918 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.499349117 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.499596119 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.499633074 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.501487970 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.501797915 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.501840115 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.503103971 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.503232956 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.503278971 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.504369020 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.504543066 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.504582882 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.505731106 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.505882978 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.505930901 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.507232904 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.507440090 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.507482052 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.508497000 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.508692026 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.508735895 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.510040045 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.510277987 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.510325909 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.511593103 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.511838913 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.511879921 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.513173103 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.513379097 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.513422966 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.514637947 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.514890909 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.514931917 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.516213894 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.516417027 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.516463041 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.518585920 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.519500017 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.519540071 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.519587040 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.520036936 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.520076990 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.520839930 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.521030903 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.521070957 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.630492926 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.630716085 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.630757093 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.631028891 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.631434917 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.631477118 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.632333994 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.632565975 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.632606983 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.633667946 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.878813028 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.879767895 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.880012989 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.880062103 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.880759001 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.881164074 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.881208897 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:25.881925106 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:25.957356930 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.014609098 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.014923096 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.014967918 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.015227079 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.015647888 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.015691042 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.016340017 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.016767979 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.016808987 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.017000914 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.018023968 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.018070936 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.018239021 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.019727945 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.019777060 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.020111084 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.020643950 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.020687103 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.020914078 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.021418095 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.021455050 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.021570921 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.022427082 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.022468090 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.022627115 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.023606062 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.023652077 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.023821115 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.024813890 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.024872065 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.025038004 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.025854111 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.025902033 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.025990963 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.027228117 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.027270079 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.027637959 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.028235912 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.028276920 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.028650999 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.029232979 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.029284000 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.029445887 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.030412912 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.030456066 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.030643940 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.031517029 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.031584024 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.031810999 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.032639980 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.032687902 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.032830954 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.034693003 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.034739017 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.035506964 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.036070108 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.036107063 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.037034035 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.037343979 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.037389040 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.040852070 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.041966915 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.041979074 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.041990995 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.042001963 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.042016983 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.042023897 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.042064905 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.042093992 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.042615891 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.042654991 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.042805910 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.043797970 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.043843031 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.043977022 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.044879913 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.044924974 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.045051098 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.046336889 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.046381950 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.046521902 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.047166109 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.047204018 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.047355890 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.048335075 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.048388958 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.048690081 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.049519062 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.049561977 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.049705982 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.050693989 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.050734997 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.050832033 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.051055908 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.051068068 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.051085949 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.051100016 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.051105976 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.051124096 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.052509069 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.052550077 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.052974939 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.053771973 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.053817034 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.054050922 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.054780960 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.054820061 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.054984093 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.055952072 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.055988073 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.056209087 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.057002068 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.057046890 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.057215929 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.058005095 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.058068991 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.058233976 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.059052944 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.059093952 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.059302092 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.060353994 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.060400963 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.060728073 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.061064959 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.061104059 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.061407089 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.062143087 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.062190056 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.062601089 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.063318014 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.063357115 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.063527107 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.064421892 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.064461946 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.064604044 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.065538883 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.065586090 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.065745115 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.066675901 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.066720009 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.066883087 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.067811012 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.067851067 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.068023920 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.069097996 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.069143057 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.069269896 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.070072889 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.070120096 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.070291996 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.071217060 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.071261883 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.071423054 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.072343111 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.072508097 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.072536945 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.073462963 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.073575974 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.073618889 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.144885063 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.208640099 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.208790064 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.208801985 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.208813906 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.208904982 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.208952904 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.210433960 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.210778952 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.211617947 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.211680889 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.211800098 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.211848974 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.212621927 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.212965965 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.213015079 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.213299990 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.213314056 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.213327885 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.213375092 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.213390112 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.214159012 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.214184999 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.214396954 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.215245008 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.215348005 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.215554953 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.215615988 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.216737032 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.217150927 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.217395067 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.217637062 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.218239069 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.218787909 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.218832016 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.218995094 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.219055891 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.219868898 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.220087051 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.220552921 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.221270084 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.221688032 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.221735001 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.222120047 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.222522974 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.222559929 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.223300934 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.223474979 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.223793030 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.224469900 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.224709988 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.224761963 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.225894928 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.226619005 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.227035999 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.227049112 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.227092981 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.227123976 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.227821112 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.228188992 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.228382111 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.228969097 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.229141951 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.229186058 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.230381966 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.230730057 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.230907917 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.611920118 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.612771034 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.612787962 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.612819910 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.613701105 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.613749027 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.614654064 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.615389109 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.616197109 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.616266012 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.616290092 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.616331100 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.617197990 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.617216110 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.617261887 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.618949890 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.618982077 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.619806051 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.619822025 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.619851112 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.619863033 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.620737076 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.621582985 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.621627092 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.622489929 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.623347044 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.623363018 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.623378038 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.623406887 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.623425961 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.625089884 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.625106096 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.625165939 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.626878977 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.626895905 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.627751112 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.627770901 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.627796888 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.627810001 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.628863096 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.629530907 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.629584074 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.630404949 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.631284952 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.631302118 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.631325960 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.631350040 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.631362915 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.633044958 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.633060932 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.633121967 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.633898973 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.633914948 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.633953094 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.635704041 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.635720968 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.635771036 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.636589050 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.637465000 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.637481928 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.637527943 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.638318062 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.638365030 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.639214993 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.639229059 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.639967918 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.640970945 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.640986919 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.641839981 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.641856909 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.641892910 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.641902924 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.643606901 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.643624067 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.643640995 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.643686056 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.644494057 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.644917965 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.645375013 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.646291018 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.646442890 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.647161961 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.647176981 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.647273064 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.648020029 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.648036003 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.648082018 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.648360968 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.648380995 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.649775028 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.649791956 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.649832010 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.651563883 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.651581049 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.651596069 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.651635885 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.652426958 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.653315067 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.653357029 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.654189110 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.654206991 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.654232979 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.655064106 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.655102015 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.655927896 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.655953884 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.656044960 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.657707930 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.657723904 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.657764912 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.658581972 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.658598900 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.658632994 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.659523010 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.754297018 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.757942915 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.766022921 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.792186022 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.792503119 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.792669058 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.793339968 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.794085979 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.794132948 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.795378923 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.795396090 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.795439005 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.797349930 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.797365904 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.797408104 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.798048019 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.798075914 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.798115969 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.799819946 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.799845934 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.799968958 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.801632881 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.801657915 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.801738977 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.802489996 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.803349972 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.803391933 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.804265976 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.805111885 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.805179119 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.806000948 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.806018114 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.806067944 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.807740927 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.807758093 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.807806015 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.809530020 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.809546947 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.809596062 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.810442924 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.811280966 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.811327934 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.812174082 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.813038111 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.813085079 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.813925982 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.813942909 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.814028025 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.814809084 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.814826012 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.814867020 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.815675020 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.815690994 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.815730095 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.816576958 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.816593885 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.816610098 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.816636086 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.817444086 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.817460060 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.817500114 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.818337917 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.818355083 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.818393946 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.819205046 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.819221973 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.819262981 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.820081949 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.820097923 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.820111990 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.820125103 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.820158005 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.820981026 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.820998907 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.821044922 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.821877003 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.821893930 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.821937084 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.822787046 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.822804928 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.822870016 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.823360920 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.823379040 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.823427916 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.824202061 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.824218988 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.824341059 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.824968100 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.824985027 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.825037003 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.825875044 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.825896978 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.825951099 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.826616049 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.826632977 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.826673031 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.827363014 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.827769995 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.827817917 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.828605890 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.828996897 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.829042912 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.829473972 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.829807997 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.829967022 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.830347061 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.830566883 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.830621004 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.832062960 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.832261086 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.832325935 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.833396912 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.833529949 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.834142923 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.834189892 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.834367990 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.834409952 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.835124016 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.835292101 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:26.836165905 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:26.836170912 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.213340998 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.214299917 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.215622902 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.215672016 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.215814114 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.215831041 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.215878010 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.216425896 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.216654062 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.216701984 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.217660904 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.217827082 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.217873096 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.218713045 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.218947887 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.218997002 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.219832897 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.220056057 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.220102072 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.220969915 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.221196890 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.221240044 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.222919941 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.223357916 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.223754883 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.223772049 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.223809958 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.223829031 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.224669933 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.225058079 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.225107908 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.225544930 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.225888968 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.225938082 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.226691008 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.226910114 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.226973057 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.227794886 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.228014946 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.228061914 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.228969097 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.229151964 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.229201078 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.230052948 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.230282068 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.230329990 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.231175900 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.231405020 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.231452942 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.232487917 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.232870102 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.232916117 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.233468056 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.233685017 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.233767033 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.234658957 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.234833956 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.234884024 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.235718012 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.257989883 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.258047104 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.368807077 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.368872881 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.369009018 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.369370937 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.369621992 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.369668007 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.370409966 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.370462894 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.370667934 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.371738911 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.371788025 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.371921062 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.374841928 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.374866009 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.374881983 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.374897957 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.374897957 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.374944925 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.375947952 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.376000881 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.376454115 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.377396107 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.377444983 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.377851963 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.379148960 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.379250050 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.379290104 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.380364895 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.380528927 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.380573988 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.381112099 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.381189108 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.381325006 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.381957054 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.382004023 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.382081985 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.383413076 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.383436918 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.383469105 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.384073973 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.384200096 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.384243965 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.385070086 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.385128021 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.385277033 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.386503935 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.386559010 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.387016058 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.387893915 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.387942076 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.388119936 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.389306068 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.389353037 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.389605999 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.390599012 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.390655994 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.390856028 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.392019033 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.392930031 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.392976046 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.393181086 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.393224955 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.393477917 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.393989086 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.394038916 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.394107103 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.394773960 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.394854069 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.394917965 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.395529032 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.395572901 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.395688057 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.398408890 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.398463011 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.399178028 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.399195910 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.399214029 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.399234056 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.399245977 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.399250031 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.399271011 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.399482012 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.399924994 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.400108099 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.400213003 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.400244951 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.401022911 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.401078939 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.401319027 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.401911974 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.401962996 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.402203083 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.402790070 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.402851105 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.402913094 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.403537989 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.403608084 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.403820992 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.404730082 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.404875994 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.404920101 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.405745029 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.405788898 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.405900002 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.406827927 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.407129049 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.407196045 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.408020973 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.408061981 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.408332109 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.409106970 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.409266949 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.409322023 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.410206079 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.410254955 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.410495043 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.411386013 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.411545992 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.411611080 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.412606001 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.412915945 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.412972927 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.413790941 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.413835049 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.413924932 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.414820910 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.414886951 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.415115118 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.416070938 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.416136980 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.416390896 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.417082071 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.417140961 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.417383909 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.418253899 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.418395996 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.418450117 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.419699907 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.419783115 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.419800043 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.420586109 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.420643091 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.420712948 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.421802044 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.421936035 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.421992064 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.422672033 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.422717094 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.422955036 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.424689054 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.424742937 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.425251007 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.426148891 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.426192045 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.426340103 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.426693916 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.426709890 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.426740885 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.427582979 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.427640915 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.427876949 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.428595066 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.432245016 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.435592890 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.561217070 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.561513901 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.561558962 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.562016964 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.562325954 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.562947035 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.562990904 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.563083887 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.563121080 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.564080954 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.809150934 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.809196949 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.810152054 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.810193062 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.810316086 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.811244965 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.811472893 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.811517954 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.812331915 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.815959930 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.925041914 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.944787025 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.944940090 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.945002079 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.945485115 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.945588112 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.946017027 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.946063995 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.946716070 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.946764946 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.947005033 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.947810888 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.948015928 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.948071957 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.949671030 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.949718952 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.950450897 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.950572014 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.950619936 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.950977087 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.951371908 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.951762915 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.951811075 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.952531099 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.952703953 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.952753067 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.953486919 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.953533888 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.953685999 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.954605103 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.954822063 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.954864025 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.955796003 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.955845118 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.956015110 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.956892014 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:27.956954956 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:27.957110882 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.018919945 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.044770002 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.044835091 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.045003891 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.064795971 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.065059900 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.065114975 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.138916016 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.139024019 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.139127016 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.139532089 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.139581919 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.139897108 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.140652895 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.140710115 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.141048908 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.141735077 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.141784906 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.141952038 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.142929077 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.142976046 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.143107891 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.144033909 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.144083023 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.144260883 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.145143032 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.145212889 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.145343065 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.146307945 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.146361113 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.146502018 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.147423029 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.147469044 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.147618055 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.148536921 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.148587942 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.148740053 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.149703026 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.149746895 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.149900913 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.150820017 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.150882959 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.151019096 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.151969910 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.152014017 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.152230024 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.153130054 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.153177977 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.153409958 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.154262066 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.154304028 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.154460907 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.155361891 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.155402899 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.155567884 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.156537056 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.156594038 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.156704903 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.157599926 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.157644987 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.158000946 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.158212900 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.158282995 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.159132004 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.159365892 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.159411907 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.160276890 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.160505056 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.160538912 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.161465883 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.161714077 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.161767006 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.162544012 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.162756920 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.162822962 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.163861990 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.163925886 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.163969994 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.164808035 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.165019989 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.165059090 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.166094065 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.166313887 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.166357994 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.167117119 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.167306900 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.167342901 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.168242931 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.168451071 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.168492079 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.169351101 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.169573069 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.169612885 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.170540094 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.170754910 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.170799017 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.171633005 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.171848059 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.171905994 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.172766924 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.172976017 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.173017979 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.173899889 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.174144030 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.174185991 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.175050974 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.175268888 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.175308943 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.176161051 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.176379919 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.176420927 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.177550077 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.177777052 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.177822113 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.178616047 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.178838015 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.178878069 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.179677010 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.179856062 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.179888964 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.180795908 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.180938005 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.180977106 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.181842089 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.182066917 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.182106018 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.183017969 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.183229923 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.183278084 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.184107065 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.184329033 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.184376955 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.185323000 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.185556889 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.185604095 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.186389923 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.186633110 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.186671019 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.187542915 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.187768936 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.187899113 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.188746929 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.189116955 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.189158916 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.189807892 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.190013885 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.190077066 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.191780090 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.191792965 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.191828966 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.192545891 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.192950010 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.192996979 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.193335056 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.193861961 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.193917036 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.194375038 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.194578886 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.194624901 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.195539951 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.195724010 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.195766926 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.196706057 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.196893930 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.196938038 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.197874069 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.198149920 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.198195934 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.198926926 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.199143887 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.199188948 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.200179100 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.200361013 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.200406075 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.201383114 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.201617002 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.201658964 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.202337980 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.202485085 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.202539921 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.203455925 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.203605890 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.203650951 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.204607964 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.204782009 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.204823971 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.205672979 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.535828114 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.536663055 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.536678076 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.536720037 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.537522078 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.537550926 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.537590981 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.538428068 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.538441896 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.538454056 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.538477898 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.539407969 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.539422989 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.539462090 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.540247917 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.540268898 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.540297031 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.541076899 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.541095972 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.541135073 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.542001963 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.542016029 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.542047977 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.542836905 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.542851925 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.542861938 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.542884111 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.542898893 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.543862104 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.543875933 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.543920040 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.544606924 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.544620991 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.544662952 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.545476913 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.545490026 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.545591116 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.546318054 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.546353102 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.546365023 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.546391964 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.547231913 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.547247887 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.547280073 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.548258066 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.548273087 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.548311949 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.549017906 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.549032927 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.549073935 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.549922943 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.549937963 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.549982071 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.550772905 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.550787926 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.550797939 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.550825119 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.550857067 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.551647902 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.551661968 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.551707029 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.552525997 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.552539110 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.552573919 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.553409100 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.553425074 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.553468943 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.554292917 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.554308891 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.554318905 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.554357052 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.555154085 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.555187941 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.555212975 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.556055069 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.556080103 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.556102991 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.556915998 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.556942940 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.556966066 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.557820082 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.557836056 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.557868004 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.558722019 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.558739901 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.558777094 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.559596062 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.559609890 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.559642076 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.560442924 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.560457945 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.560467958 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.560494900 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.560517073 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.561311007 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.561332941 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.561369896 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.562222958 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.562246084 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.562284946 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.563116074 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.563128948 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.563177109 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.563991070 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.564004898 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.564054012 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.564860106 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.564872980 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.564878941 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.564922094 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.565730095 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.565742970 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.565783978 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.566649914 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.566663980 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.566673040 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.566735983 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.713246107 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.713474989 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.713521004 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.713865995 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.713877916 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.713917971 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.714615107 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.715018988 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.715059996 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.715447903 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.715461969 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.715502024 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.716232061 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.716244936 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.716289997 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.717008114 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.717020988 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.717060089 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.717813015 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.717827082 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.717950106 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.718631029 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.718643904 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.718683958 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.719432116 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.719448090 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.719486952 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.720196962 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.720223904 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.720263004 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.721009970 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.721023083 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.721070051 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.721874952 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.721889019 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.721939087 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.722661018 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.722673893 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.722716093 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.723412991 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.723443985 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.723479986 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.724245071 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.724283934 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.724318981 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.724976063 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.725002050 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.725038052 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.725780010 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.725811005 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.725851059 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.726650953 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.726699114 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.726767063 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.727540970 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.727557898 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.727593899 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.728404999 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.728420019 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.728456974 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.729290962 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.729307890 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.729324102 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.729345083 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.730319023 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.730334997 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.730370998 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.731280088 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.731297016 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.731324911 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.732129097 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.732144117 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.732177019 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.732978106 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.732991934 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.733006001 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.733021021 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.733036041 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.733720064 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.733751059 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.733818054 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.734968901 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.734986067 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.735022068 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.735656023 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.735680103 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.735722065 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.736695051 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.736713886 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.736751080 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.737421036 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.737437963 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.737459898 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.737478018 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.738390923 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.738441944 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.738456964 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.739404917 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.739424944 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.739447117 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.740214109 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.740230083 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.740259886 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.741359949 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.741375923 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.741389036 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.741404057 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.741430998 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.742434978 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.742461920 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.742500067 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.743175030 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.743190050 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.743230104 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.743783951 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.743807077 CET771649747104.37.175.232192.168.2.9
                                                  Dec 4, 2024 16:51:28.743897915 CET497477716192.168.2.9104.37.175.232
                                                  Dec 4, 2024 16:51:28.744637966 CET771649747104.37.175.232192.168.2.9


                                                  Target ID:0
                                                  Start time:10:51:01
                                                  Start date:04/12/2024
                                                  Path:C:\Users\user\Desktop\PCrn0I0aO9.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Users\user\Desktop\PCrn0I0aO9.exe"
                                                  Imagebase:0x400000
                                                  File size:2'981'888 bytes
                                                  MD5 hash:2079CC699607E1946C94D546ECF70609
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:low
                                                  Has exited:true

                                                  Target ID:3
                                                  Start time:10:51:17
                                                  Start date:04/12/2024
                                                  Path:C:\Users\user\Desktop\PCrn0I0aO9.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Users\user\Desktop\PCrn0I0aO9.exe"
                                                  Imagebase:0x400000
                                                  File size:2'981'888 bytes
                                                  MD5 hash:2079CC699607E1946C94D546ECF70609
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000003.00000003.1514526955.0000000000970000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000003.1516970411.0000000002F10000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000003.00000002.1523626974.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000003.1517158034.0000000003130000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                  Reputation:low
                                                  Has exited:true

                                                  Target ID:4
                                                  Start time:10:51:19
                                                  Start date:04/12/2024
                                                  Path:C:\Windows\SysWOW64\svchost.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Windows\System32\svchost.exe"
                                                  Imagebase:0x460000
                                                  File size:46'504 bytes
                                                  MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1518227439.00000000029E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000003.1523303392.0000000005030000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000002.1610365109.0000000002F00000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000003.1523051052.0000000004E10000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:7
                                                  Start time:10:51:19
                                                  Start date:04/12/2024
                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 408
                                                  Imagebase:0x8d0000
                                                  File size:483'680 bytes
                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:8
                                                  Start time:10:51:28
                                                  Start date:04/12/2024
                                                  Path:C:\Windows\System32\fontdrvhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Windows\System32\fontdrvhost.exe"
                                                  Imagebase:0x7ff6791b0000
                                                  File size:827'408 bytes
                                                  MD5 hash:BBCB897697B3442657C7D6E3EDDBD25F
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:moderate
                                                  Has exited:true

                                                  Target ID:10
                                                  Start time:10:51:31
                                                  Start date:04/12/2024
                                                  Path:C:\Windows\System32\WerFault.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\WerFault.exe -u -p 8180 -s 136
                                                  Imagebase:0x7ff742020000
                                                  File size:570'736 bytes
                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                    Execution Graph

                                                    Execution Coverage:0%
                                                    Dynamic/Decrypted Code Coverage:0%
                                                    Signature Coverage:7.8%
                                                    Total number of Nodes:51
                                                    Total number of Limit Nodes:0
                                                    execution_graph 33916 42b640 45 API calls 33922 40de70 26 API calls 33837 424870 OpenClipboard GetClipboardData GetClipboardData GetClipboardData CloseClipboard 33925 417273 28 API calls 33926 420670 16 API calls 33929 4c9670 GetCurrentThreadId GetKeyboardLayout GetLocaleInfoA 33839 4dc870 EnterCriticalSection LeaveCriticalSection 33935 4275fe 16 API calls 33842 4d8000 EndDoc 33936 40d210 46 API calls 33846 4fc810 InitializeCriticalSection 33941 408220 14 API calls 33848 401031 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection 33849 41d430 56 API calls 33950 4012c0 16 API calls 33953 40fad0 26 API calls 33852 4118d0 7 API calls 33854 4144de 34 API calls 33957 4086e0 19 API calls 33855 41d8e0 35 API calls 33856 4210e0 InterlockedCompareExchange Sleep InterlockedCompareExchange InterlockedExchange 33959 41bee8 19 API calls 33966 411a80 27 API calls 33967 40c290 QueryPerformanceCounter QueryPerformanceCounter 33867 427090 GetACP GetCPInfo 33869 401ca0 278 API calls 33970 40eaa0 28 API calls 33874 41b4b0 48 API calls 33973 41eab0 28 API calls 33979 4f9340 CoCreateInstance 33880 40d560 29 API calls 33982 417f61 29 API calls 33881 401170 12 API calls 33988 50af60 CoTaskMemAlloc 33826 4dc300 GetCommandLineA 33827 42c310 33826->33827 33886 40fd10 39 API calls 33823 44a710 33824 44a712 ExitProcess 33823->33824 33892 40d530 25 API calls 34000 41ef32 26 API calls 33893 40cdc0 17 API calls 34005 4ddfc0 64 API calls 34006 4263cc 18 API calls 33896 40d1d0 24 API calls 33898 41e5d0 GetSystemTime GetTimeZoneInformation 34007 42abd0 30 API calls 33902 41cde0 36 API calls 33905 412180 25 API calls 34014 4dd780 46 API calls 33908 428191 26 API calls

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 0 44a710-44a719 2 44a729 0->2 3 44a71b-44a727 0->3 4 44a73a-44a748 ExitProcess 2->4 3->4
                                                    APIs
                                                    • ExitProcess.KERNEL32(00000000), ref: 0044A748
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: ExitProcess
                                                    • String ID:
                                                    • API String ID: 621844428-399585960
                                                    • Opcode ID: 293620465462d170643fb551289f4f82b8ddd7fd95f4a21ffe41ffa866c1d984
                                                    • Instruction ID: 4153d7d145e48ef0bfada68ad49838f97c765877aadb4e058581a2a78d09dbec
                                                    • Opcode Fuzzy Hash: 293620465462d170643fb551289f4f82b8ddd7fd95f4a21ffe41ffa866c1d984
                                                    • Instruction Fuzzy Hash: E7E04F75E4A25CCEEB30CA56EC017B8B775EB94316F0040EBD54D96241C6344D958F56

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 5 44a6e0-44a6fa 6 44a6fc-44a706 5->6 7 44a708 5->7 8 44a712-44a719 6->8 7->8 9 44a729 8->9 10 44a71b-44a727 8->10 11 44a73a-44a748 ExitProcess 9->11 10->11
                                                    APIs
                                                    • ExitProcess.KERNEL32(00000000), ref: 0044A748
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: ExitProcess
                                                    • String ID:
                                                    • API String ID: 621844428-0
                                                    • Opcode ID: 301b0aacc8fca0e78445999e19763b72f532b71fd961c991c7f3581a4234fff3
                                                    • Instruction ID: 1ceb8dd2f8bb3b7ec6cf47d3eabd97270618131fd29c238ba72ea5f4f3f95bef
                                                    • Opcode Fuzzy Hash: 301b0aacc8fca0e78445999e19763b72f532b71fd961c991c7f3581a4234fff3
                                                    • Instruction Fuzzy Hash: 79F01C7494622DCEEF308F61C8457ACB7B0BB04315F1082EAC46D67780C3348E829F86

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 12 4dc300-4dc310 GetCommandLineA call 42c310
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.1547509878.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1547639762.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1547671231.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1547671231.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1547725054.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1547797068.00000000006A9000.00000040.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1547854036.000000000071B000.00000080.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1547875181.000000000071F000.00000040.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1547894284.000000000072A000.00000080.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1547917906.000000000072D000.00000040.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1547946420.0000000000735000.00000080.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1547971569.0000000000738000.00000040.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1548004220.000000000073E000.00000080.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1548025188.0000000000743000.00000040.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1548063600.0000000000770000.00000080.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1548081846.0000000000774000.00000040.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CommandLine
                                                    • String ID:
                                                    • API String ID: 3253501508-0
                                                    • Opcode ID: 04003b1c6e78a75645abe312a21659dec6fb72e0dd25253600e7555adc4d96f0
                                                    • Instruction ID: 324ae4de550c7ee1837b525cc46cc1c53208b04041f71095fcaff5b360da8b69
                                                    • Opcode Fuzzy Hash: 04003b1c6e78a75645abe312a21659dec6fb72e0dd25253600e7555adc4d96f0
                                                    • Instruction Fuzzy Hash: 51B012788003A00E83717B3834455CE7FF50C1D2E43844A58FCC1A3315D61488975AFA

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 14 4d7960-4d796e 15 4d7977-4d797a 14->15 16 4d7970-4d7976 14->16 17 4d797c-4d7984 15->17 18 4d7985-4d7995 LoadLibraryA 15->18 19 4d7ad8-4d7aeb 18->19 20 4d799b-4d7aac GetProcAddress * 19 18->20 20->19 22 4d7aae-4d7ab5 20->22 23 4d7ab7-4d7ab9 22->23 24 4d7ad2 22->24 23->24 25 4d7abb-4d7ad1 23->25 24->19
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: WSAAsyncGetHostByName$WSAAsyncSelect$WSACancelAsyncRequest$WSACleanup$WSAGetLastError$WSAStartup$WSOCK32.DLL$accept$bind$closesocket$connect$htonl$htons$inet_addr$listen$recv$recvfrom$send$sendto$socket
                                                    • API String ID: 0-3677570488
                                                    • Opcode ID: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                                    • Instruction ID: 8c9ac86f1f98df4bb1f2f2f05f7a43d8bd4a8589446ea9a4d4fdb8b68f6288ad
                                                    • Opcode Fuzzy Hash: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                                    • Instruction Fuzzy Hash: 5031DE71D523646AD7206BB9EC19DEF3EACFBB6704B510517F000972A0EAF88458AF94

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 689 4d9ab0-4d9ab7 690 4d9abd-4d9ac0 689->690 691 4d9c1c-4d9c1d 689->691 690->691 692 4d9ac6-4d9ad4 690->692 693 4d9ada-4d9aeb call 4b8000 692->693 694 4d9ba3-4d9ba5 692->694 699 4d9c19-4d9c1b 693->699 700 4d9af1-4d9b14 call 421380 GlobalAlloc 693->700 696 4d9ba8-4d9bad 694->696 696->696 698 4d9baf-4d9bc2 GlobalAlloc 696->698 698->699 701 4d9bc4-4d9bcb GlobalLock 698->701 699->691 707 4d9b2e-4d9b3f call 52b380 700->707 708 4d9b16-4d9b28 GlobalLock call 4b81c0 GlobalUnlock 700->708 702 4d9bd0-4d9bd8 701->702 702->702 704 4d9bda-4d9bdb GlobalUnlock 702->704 706 4d9be1-4d9be3 704->706 710 4d9be9-4d9bf3 OpenClipboard 706->710 711 4d9be5-4d9be7 706->711 716 4d9b41-4d9b6b WideCharToMultiByte GlobalAlloc 707->716 717 4d9b90-4d9ba1 call 439d00 707->717 708->707 710->699 714 4d9bf5-4d9c03 EmptyClipboard 710->714 711->699 711->710 718 4d9c0a-4d9c0c 714->718 719 4d9c05-4d9c08 SetClipboardData 714->719 720 4d9b6d-4d9b70 GlobalLock 716->720 721 4d9b87-4d9b8d call 439d00 716->721 717->706 722 4d9c0e-4d9c11 SetClipboardData 718->722 723 4d9c13 CloseClipboard 718->723 719->718 725 4d9b76-4d9b7e 720->725 721->717 722->723 723->699 725->725 728 4d9b80-4d9b81 GlobalUnlock 725->728 728->721
                                                    APIs
                                                    • GlobalAlloc.KERNEL32(00002002,00000002), ref: 004D9B06
                                                    • GlobalLock.KERNEL32(00000000), ref: 004D9B17
                                                    • GlobalUnlock.KERNEL32(00000000), ref: 004D9B28
                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,00000000,00000000), ref: 004D9B51
                                                    • GlobalAlloc.KERNEL32(00002002,00000001), ref: 004D9B61
                                                    • GlobalLock.KERNEL32(00000000), ref: 004D9B70
                                                    • GlobalUnlock.KERNEL32(00000000), ref: 004D9B81
                                                    • GlobalAlloc.KERNEL32(00002002,00000003,?,?,?,00000000,0040D599,00000000,00000000), ref: 004D9BB8
                                                    • GlobalLock.KERNEL32(00000000), ref: 004D9BC5
                                                    • GlobalUnlock.KERNEL32(00000000), ref: 004D9BDB
                                                    • OpenClipboard.USER32(00000000), ref: 004D9BEB
                                                    • EmptyClipboard.USER32 ref: 004D9BF5
                                                    • SetClipboardData.USER32(0000000D,00000000), ref: 004D9C08
                                                    • SetClipboardData.USER32(00000001,00000000), ref: 004D9C11
                                                    • CloseClipboard.USER32 ref: 004D9C13
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: Global$Clipboard$AllocLockUnlock$Data$ByteCharCloseEmptyMultiOpenWide
                                                    • String ID:
                                                    • API String ID: 3392129136-0
                                                    • Opcode ID: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                                    • Instruction ID: e40826f6a6b6de4095afa5ba746f594757548e465f4129e7c784a6b23cc7d310
                                                    • Opcode Fuzzy Hash: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                                    • Instruction Fuzzy Hash: 7A41F371104302ABE3111B61BC99B277BFCAFA1B04F09041BF986D7341DA69EC09D7BA

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: COMM$TALB$TCON$TIT2$TPE1$TRCK$TYER$album$artist$comment$genre$songname$track$year
                                                    • API String ID: 0-590896439
                                                    • Opcode ID: 58e90cd763c27353f5f737474b6cde04d51412e2af52a5f89d8bdd9097ff8991
                                                    • Instruction ID: 644f6fcce6cd6c0cf36f8c2a49984ad5006fbd26ddfeab9ab515d91a446fbcca
                                                    • Opcode Fuzzy Hash: 58e90cd763c27353f5f737474b6cde04d51412e2af52a5f89d8bdd9097ff8991
                                                    • Instruction Fuzzy Hash: 36D1F471204240ABDB14EA55C892BBB77E9AF84304F05482EF64587382EF7DDC49C7AA
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: _level$gfff$gfff$landscape$paperHeight$portrait$printAsBitmap$xMax$xMin$yMax$yMin
                                                    • API String ID: 0-188115620
                                                    • Opcode ID: dea08f720592daa481637ef8359b17615b2d3d0a0cce9d10a90a14ebba861c01
                                                    • Instruction ID: 70ff334641663e0afb433915ac50cfd4971647fdd0d0ab24e810831b83e0dab3
                                                    • Opcode Fuzzy Hash: dea08f720592daa481637ef8359b17615b2d3d0a0cce9d10a90a14ebba861c01
                                                    • Instruction Fuzzy Hash: 7C6290706047019FC714DF29D491AABB7E1FF88344F14896EF58A8B791DB38E884CB99
                                                    APIs
                                                    • OpenClipboard.USER32(00000000), ref: 004D9C27
                                                    • GetClipboardData.USER32(00000001), ref: 004D9C3A
                                                    • GetClipboardData.USER32(0000000D), ref: 004D9C42
                                                    • GetClipboardData.USER32(00000000), ref: 004D9C4B
                                                    • CloseClipboard.USER32 ref: 004D9C56
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: Clipboard$Data$CloseOpen
                                                    • String ID:
                                                    • API String ID: 464010812-0
                                                    • Opcode ID: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                                    • Instruction ID: 2f18cbc0f6c8a3dbd26954e8439ab7c802a903eab365c315afdcc22c9d276e9e
                                                    • Opcode Fuzzy Hash: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                                    • Instruction Fuzzy Hash: 41E09AB230022517EB9026BA6C4CF97A2EC9F54F90F050123F604C6340E6A6CC0457B1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $K$gfff$gfff$gfff
                                                    • API String ID: 0-1048959944
                                                    • Opcode ID: d12f4ee0db7e837eeaddada9b02ab57d1ed414e4daef55ec7281e1621cc72c7d
                                                    • Instruction ID: 9d2a5138eda07fb78ed16dc27847904d5eff4784a57d1f73a6c8b6feaa4118fd
                                                    • Opcode Fuzzy Hash: d12f4ee0db7e837eeaddada9b02ab57d1ed414e4daef55ec7281e1621cc72c7d
                                                    • Instruction Fuzzy Hash: 91426DB06083558FC728CF19D590A6BBBE5BFC8304F44895EF88A8B352D738D945CB96
                                                    APIs
                                                    • GetCurrentThreadId.KERNEL32 ref: 004C9674
                                                    • GetKeyboardLayout.USER32(00000000), ref: 004C967B
                                                    • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,?,?,004D9D12,?,000000FF), ref: 004C9693
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CurrentInfoKeyboardLayoutLocaleThread
                                                    • String ID:
                                                    • API String ID: 4094687451-0
                                                    • Opcode ID: 1ddd6823bd2bc3ee9e8a39c3bbd18c243f80e9d84aa9d73e1ce1e55aef709746
                                                    • Instruction ID: c18c3e67b2d418a81a9ed34cd04b46ff7c576915d0efad72319c368f8fc6f991
                                                    • Opcode Fuzzy Hash: 1ddd6823bd2bc3ee9e8a39c3bbd18c243f80e9d84aa9d73e1ce1e55aef709746
                                                    • Instruction Fuzzy Hash: A9E0E57A6003107BD601EB68BC09FAB77F8AB54B01F408419FA44C2280E338D90897FB
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $
                                                    • API String ID: 0-227171996
                                                    • Opcode ID: 395a1bfc07a86bc1b17be198384b933d6e74c24733d271f90db895820ae6568e
                                                    • Instruction ID: e3b698b264220c6a4a7ff30e5bd10faba35ce6b07e42392d760f651db3adf898
                                                    • Opcode Fuzzy Hash: 395a1bfc07a86bc1b17be198384b933d6e74c24733d271f90db895820ae6568e
                                                    • Instruction Fuzzy Hash: E46249716183419FC364CF29C980A6BB7E5FFC8304F148A2EE59997391D738E905CB9A
                                                    APIs
                                                    • GetSystemTime.KERNEL32(?,?,004CE646,?,0041E572), ref: 004CE5B7
                                                    • GetTimeZoneInformation.KERNEL32(00563D90,?,?,004CE646,?,0041E572), ref: 004CE607
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: Time$InformationSystemZone
                                                    • String ID:
                                                    • API String ID: 702727434-0
                                                    • Opcode ID: f738a3c553d765e04b5bec4b324b6c4fee79bb83ad17f4052d4625c48ac5b856
                                                    • Instruction ID: 027c201d87c87fe04e998a3dacbc9da3b97e28b55a26ca5f2fa1b84a2cf7f3f2
                                                    • Opcode Fuzzy Hash: f738a3c553d765e04b5bec4b324b6c4fee79bb83ad17f4052d4625c48ac5b856
                                                    • Instruction Fuzzy Hash: E9011D78608201DBC310BF09E85556BB7F9FB78B10FC0850AE48583321E3F68D88DB29
                                                    APIs
                                                    • GetProcessHeap.KERNEL32(00000000,?,00528C3A,-00000003), ref: 0052B447
                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004012F9), ref: 0052B44E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: Heap$AllocProcess
                                                    • String ID:
                                                    • API String ID: 1617791916-0
                                                    • Opcode ID: 59176d969d8d5ab64b55edfac97e4b95670c40f205a4eeb4c3389c15a55de6de
                                                    • Instruction ID: 2d67d1c8230b34df0e9697497b7d0e8b3de7afbebdcce056a4f33b586f436b97
                                                    • Opcode Fuzzy Hash: 59176d969d8d5ab64b55edfac97e4b95670c40f205a4eeb4c3389c15a55de6de
                                                    • Instruction Fuzzy Hash: 61B092B9604200ABDE009BA0AE0CB1BB678AB54702F000400B619C1160C630C804EB31
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: R
                                                    • API String ID: 0-1968290334
                                                    • Opcode ID: 8546aa269060c6db0e10336a880f1cd0ec7275522bd7a3a93064d1100faa0acd
                                                    • Instruction ID: ce0d7d11e4424d034f190161494b7aac1bec0c29b2276794a3ebc18ef3406d1c
                                                    • Opcode Fuzzy Hash: 8546aa269060c6db0e10336a880f1cd0ec7275522bd7a3a93064d1100faa0acd
                                                    • Instruction Fuzzy Hash: 84C1D1B2E041689AFB208A14DC84BFBB775FF95310F1480FAD84DA7641D6791EC28F66
                                                    APIs
                                                    • CoCreateInstance.OLE32(00549E88,00000000,00000001,0054A654,?,?,?,004FB325,?,?,00000000,7750E820), ref: 004F9365
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CreateInstance
                                                    • String ID:
                                                    • API String ID: 542301482-0
                                                    • Opcode ID: 32cc378c3d08419dc9c729465278953167982d40ee5e1f975ead0e7be58d7922
                                                    • Instruction ID: d33697237a28c181885f9fc6147cb760b8f27fbda8fa23562785bbd0682874fe
                                                    • Opcode Fuzzy Hash: 32cc378c3d08419dc9c729465278953167982d40ee5e1f975ead0e7be58d7922
                                                    • Instruction Fuzzy Hash: E8F0823270111167D7288A2EEC45BE7B7D9AFD8710B05412ABD04D7280D7A0EC418594
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: Version
                                                    • String ID:
                                                    • API String ID: 1889659487-0
                                                    • Opcode ID: ee60f9e95fcef11a94c07e1fc1ede8b3207cc5aa390eaa880cb51700aab72f76
                                                    • Instruction ID: 055774edfa36a1cc0f2afeca4167b9a8919af704cd7fbd49c209ae17ea6089f8
                                                    • Opcode Fuzzy Hash: ee60f9e95fcef11a94c07e1fc1ede8b3207cc5aa390eaa880cb51700aab72f76
                                                    • Instruction Fuzzy Hash: D3E0C22C0042804EE7608F38A90AB593BB1AB65244F8804DCD4E443213D3B9021FE766
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000000.00000002.1547509878.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1547639762.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1547671231.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1547671231.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1547725054.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1547797068.00000000006A9000.00000040.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1547854036.000000000071B000.00000080.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1547875181.000000000071F000.00000040.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1547894284.000000000072A000.00000080.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1547917906.000000000072D000.00000040.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1547946420.0000000000735000.00000080.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1547971569.0000000000738000.00000040.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1548004220.000000000073E000.00000080.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1548025188.0000000000743000.00000040.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1548063600.0000000000770000.00000080.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000000.00000002.1548081846.0000000000774000.00000040.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd

                                                    Control-flow Graph

                                                    [Control-flow graph image omitted; first node 4f4a60-4f4a93; legend: Executed / Not Executed]
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32 ref: 004F4A89
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F4AFB
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F4BF2
                                                    • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F4CEA
                                                    • LeaveCriticalSection.KERNEL32(?,?), ref: 004F4CFD
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F4D17
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F4D1A
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F4D36
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F4D5D
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F4D66
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F4D81
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F4D87
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F4DB6
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F4DC0
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F4E05
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F4E11
                                                    • LeaveCriticalSection.KERNEL32(?,00000000), ref: 004F4E7D
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F4E9C
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F4EB3
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F4ED9
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F4EF4
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F4F06
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$Leave$Enter
                                                    • String ID: NetStream.Play.Start$NetStream.Play.Stop$NetStream.Play.StreamNotFound$NetStream.Seek.InvalidTime$NetStream.Seek.Notify$error$status
                                                    • API String ID: 2978645861-761530088
                                                    • Opcode ID: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                                    • Instruction ID: 162dc2aece2cb8deeda7270d3cf99ca9d96a23cce06d37320eaaf024755f17c1
                                                    • Opcode Fuzzy Hash: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                                    • Instruction Fuzzy Hash: C7E190352047459FD320DB34C845BABBBE1BF89714F04895DE9AA57382CB74F80ACB65

                                                    Control-flow Graph

                                                    [Control-flow graph of function 4d5d20, with executed and not-executed nodes marked: graph data omitted; nodes call DestroyWindow, GetMenu, GetModuleFileNameA and CreateProcessA]
                                                    APIs
                                                    • DestroyWindow.USER32(?,?,?,?,?), ref: 004D5D5F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: DestroyWindow
                                                    • String ID: D$FSCommand:$\fscommand$allowscale$exec$fullscreen$quit$showmenu$trapallkeys
                                                    • API String ID: 3375834691-1928458085
                                                    • Opcode ID: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                                    • Instruction ID: 7647b0b3e504c4bbb0374484e0d8b702cf2a7569de5a553b4a60fd35f403e9ef
                                                    • Opcode Fuzzy Hash: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                                    • Instruction Fuzzy Hash: 27914C35504B015BCB24EF28EC617FBB791AFA6309F44451FE8888B341DB2A990BC7D9

                                                    Control-flow Graph

                                                    APIs
                                                    • GetWindowLongA.USER32(?,000000F0), ref: 004DB511
                                                    • GetWindowRect.USER32(?,?), ref: 004DB531
                                                    • GetClientRect.USER32(?,?), ref: 004DB541
                                                    • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB55D
                                                    • GetMenu.USER32(?), ref: 004DB581
                                                    • SetMenu.USER32(?,00000000), ref: 004DB596
                                                    • GetDesktopWindow.USER32 ref: 004DB5B0
                                                    • GetWindowRect.USER32(00000000,?), ref: 004DB5BC
                                                    • SetWindowPos.USER32(?,00000000,?,?,?,?,00000000,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB5E1
                                                    • GetWindowLongA.USER32(?,000000F0), ref: 004DB604
                                                    • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB62A
                                                    • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB66D
                                                    • GetWindowRect.USER32(?,?), ref: 004DB6A5
                                                    • GetClientRect.USER32(?,?), ref: 004DB6B7
                                                    • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB702
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: Window$Rect$Long$ClientMenuMove$Desktop
                                                    • String ID:
                                                    • API String ID: 3087884050-0
                                                    • Opcode ID: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                                    • Instruction ID: afb7dc4107877f96dc9ff69242aee4b267e14dc018c2a581ac30f1de2d6509eb
                                                    • Opcode Fuzzy Hash: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                                    • Instruction Fuzzy Hash: 1C61F7756047009FE714CF79D888FA7B7E9EB98314F108A1EE5AA83344DE74B8088B65

                                                    Control-flow Graph

                                                    [Control-flow graph of function 4cfe40, with executed and not-executed nodes marked: graph data omitted; nodes call RegOpenKeyExW, RegOpenKeyExA, RegQueryValueExW, RegQueryValueExA and RegCloseKey]
                                                    APIs
                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFE8F
                                                    • RegQueryValueExW.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFEC1
                                                    • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFF52
                                                    • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFF84
                                                    • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFFF3
                                                    • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004D0021
                                                    • RegCloseKey.ADVAPI32(00000000), ref: 004D0043
                                                      • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: OpenQueryValue$CloseVersion
                                                    • String ID: AppData$AppData$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                    • API String ID: 3944000476-502054578
                                                    • Opcode ID: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                                    • Instruction ID: f72081d33d1e3e5e856db847e9c33e0e25e3821136d69a0383b26c3c547fa845
                                                    • Opcode Fuzzy Hash: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                                    • Instruction Fuzzy Hash: 0151B2715087017BC725DB50EC95FAB73E8AF88754F00891EF98553381EAB9D80AC7AA

                                                    Control-flow Graph

                                                    [Control-flow graph of function 4f5fc0, with executed and not-executed nodes marked: graph data omitted; nodes call EnterCriticalSection and LeaveCriticalSection]
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F606E
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F608D
                                                    • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6111
                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F611B
                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F612B
                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6135
                                                      • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                      • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                      • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                      • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                      • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                      • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                                    • EnterCriticalSection.KERNEL32(?,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F61D1
                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6212
                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F621C
                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6244
                                                    • EnterCriticalSection.KERNEL32(?,00000001,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6268
                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62A9
                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62B3
                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62DB
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$EnterLeave
                                                    • String ID:
                                                    • API String ID: 3168844106-0
                                                    • Opcode ID: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                                    • Instruction ID: 143f1fb28292c6c8f5848ec82d72cb0c1768edffe3cb57bca7300ec5568bca4f
                                                    • Opcode Fuzzy Hash: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                                    • Instruction Fuzzy Hash: 2AA1113020430E8BC725DF349854BBBBBB9AF94304F15056EFA5687382DB79E809CB65
                                                    APIs
                                                    • StartDocA.GDI32(?,00000000), ref: 004D7F29
                                                    • GetDeviceCaps.GDI32(?,00000008), ref: 004D7F47
                                                    • GetDeviceCaps.GDI32(?,0000000A), ref: 004D7F55
                                                    • LPtoDP.GDI32(00000000,00000002), ref: 004D7F83
                                                    • GetDeviceCaps.GDI32(00000000,0000006E), ref: 004D7FA0
                                                    • GetDeviceCaps.GDI32(00000000,0000006F), ref: 004D7FAE
                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 004D7FBC
                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004D7FD2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CapsDevice$Start
                                                    • String ID: portrait
                                                    • API String ID: 1738886688-2504013051
                                                    • Opcode ID: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                                    • Instruction ID: 78bfa520cedcb1c13f518f393ea8421dc938ea51f70754ce75912898c89e0c82
                                                    • Opcode Fuzzy Hash: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                                    • Instruction Fuzzy Hash: 7641DFB0604B109FC324DF2AD980A1AFBF5BF98710F108A1EE58A877A1D771E845CF91
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,00000000,?,00000000,00000000,?,004AC0BD,?,?), ref: 004F705A
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F7081
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F709A
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F70A3
                                                    • timeGetTime.WINMM(00000000,00000000,00000000,00000000,?), ref: 004F7390
                                                    • LeaveCriticalSection.KERNEL32(?,?), ref: 004F73D5
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$Leave$Enter$Timetime
                                                    • String ID:
                                                    • API String ID: 4022644143-0
                                                    • Opcode ID: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                                    • Instruction ID: 3d57daaa4b40982c2e4bbac1192c2a7fdd3e5fb289d79a2cbb097eeb1d58369f
                                                    • Opcode Fuzzy Hash: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                                    • Instruction Fuzzy Hash: 60A12B303083495BC7259F398890BBBBBE59F85700F04456EFA9AC7392DB6CE905D768
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,?,?,00000000,004F7352,?), ref: 004F2A19
                                                    • timeGetTime.WINMM ref: 004F2A25
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F2A39
                                                    • timeGetTime.WINMM(?), ref: 004F2A46
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F2AD7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$LeaveTimetime$Enter
                                                    • String ID: NetStream.Buffer.Empty$NetStream.Buffer.Full$status
                                                    • API String ID: 2943255653-4242577526
                                                    • Opcode ID: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                                    • Instruction ID: adfbc573f46a5ae42de3eb127535f59d6c3a8125dfae6686c248f3bcdabba04f
                                                    • Opcode Fuzzy Hash: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                                    • Instruction Fuzzy Hash: 33217471740705ABD7308F14DD86B6BB7A4FB50B21F24462BF267966D0C7B4B8408754
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B64,00000002), ref: 004F3ED0
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F3EDE
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F3F20
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$Leave$Enter
                                                    • String ID:
                                                    • API String ID: 2978645861-0
                                                    • Opcode ID: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                                    • Instruction ID: 85195bc957575009e4a7604c5a43e45099f91f30af12cfc7e5b33174ac27f883
                                                    • Opcode Fuzzy Hash: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                                    • Instruction Fuzzy Hash: BF81C0316047494FC724DF39989057BB7F1AF853117148A2FE6A787B81DB38E805CB68
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?), ref: 00401181
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004011B1
                                                    • timeGetTime.WINMM ref: 004011C5
                                                    • timeGetTime.WINMM ref: 004011D5
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004011E3
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 0040122A
                                                    • timeGetTime.WINMM ref: 0040123E
                                                    • EnterCriticalSection.KERNEL32(?), ref: 00401261
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 0040129E
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$EnterLeaveTimetime
                                                    • String ID:
                                                    • API String ID: 3486229058-0
                                                    • Opcode ID: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                                    • Instruction ID: b4a63a4f06c8fcffd2d454e61e85ed039b73bf68413dd997414ba6e559c29426
                                                    • Opcode Fuzzy Hash: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                                    • Instruction Fuzzy Hash: 6641D6357003148FCB309F60E80466BB7F4AF6575470486AEE896BB3E1DB38EC459AA5
                                                    APIs
                                                    • InterlockedExchange.KERNEL32(00000020,00000000), ref: 00411B68
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: ExchangeInterlocked
                                                    • String ID: GET$_bytesLoaded$_bytesTotal$_customHeaders$contentType$loaded
                                                    • API String ID: 367298776-2876428247
                                                    • Opcode ID: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                                    • Instruction ID: 337a073203a489cf9af6a636d5e82807fd5ac3b12a53b57697a6972a4ae57270
                                                    • Opcode Fuzzy Hash: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                                    • Instruction Fuzzy Hash: F6D126706047056BC714EF65D842AABB7E5BF88304F404A2EFA4687392EB38F945C799
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,004F5BA3,00000000), ref: 004F34EA
                                                    • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3537
                                                    • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3545
                                                    • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3556
                                                    • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F355F
                                                    • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3594
                                                    • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F359D
                                                    • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36AD
                                                    • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36BB
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$Enter$Leave
                                                    • String ID:
                                                    • API String ID: 2801635615-0
                                                    • Opcode ID: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                                    • Instruction ID: 93c01fc31a9ee7373f9c1d93048bf40271cec5808ab28bfcb2eca2428eaae834
                                                    • Opcode Fuzzy Hash: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                                    • Instruction Fuzzy Hash: 1F51BE3020474A9BD7249F319558BBBBBF8AF84742F04485EE5DEC3361DB28EA08C724
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,?,?,?), ref: 004F3709
                                                    • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F374C
                                                    • LeaveCriticalSection.KERNEL32(?,?), ref: 004F375C
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F376D
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F377A
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F37A9
                                                    • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F37C5
                                                    • LeaveCriticalSection.KERNEL32(?,?), ref: 004F37D5
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F37EC
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$Leave$Enter
                                                    • String ID:
                                                    • API String ID: 2978645861-0
                                                    • Opcode ID: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                                    • Instruction ID: 1822ab8b2bc00c4b335a7296647f06df4fe24da2c1cedc303b1505dbbb5a7089
                                                    • Opcode Fuzzy Hash: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                                    • Instruction Fuzzy Hash: 2831D1B11087894BC610AF35A9807EBFBF8BF89714F04499DE5E953251C734AA1DC726
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: gethostbynamehtonlhtonsinet_addr
                                                    • String ID: localhost
                                                    • API String ID: 4009071410-2663516195
                                                    • Opcode ID: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                                    • Instruction ID: cf482c115b2fa46a5b5609c5aae3d134ea41c2cdeafd480f3feffcf81808ee73
                                                    • Opcode Fuzzy Hash: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                                    • Instruction Fuzzy Hash: 9131ED30208311ABDB20DF249C85BBBB7E5FF95710F004A1EF9559B381E7719948C7A6
                                                    APIs
                                                    • timeGetTime.WINMM(00000000), ref: 004145E1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: Timetime
                                                    • String ID: gfff$gfff$gfff$gfff
                                                    • API String ID: 17336451-2178600047
                                                    • Opcode ID: a6eb4a1a4bf024f16c397edd5e841aed2049ab2de515439dd25e44f6491a1c28
                                                    • Instruction ID: e32ce3efbecf0e845fb5c017bd6949167df468d5a0ad1b28c98723774e94ba96
                                                    • Opcode Fuzzy Hash: a6eb4a1a4bf024f16c397edd5e841aed2049ab2de515439dd25e44f6491a1c28
                                                    • Instruction Fuzzy Hash: 79C17E313046059BD718DF15C494BEA77A6BFC8704F18856EE8498F382CB79ED42CB9A
                                                    APIs
                                                    • timeKillEvent.WINMM(?), ref: 004D8B13
                                                    • Sleep.KERNEL32(00000001,?,0041D4A9), ref: 004D8B2D
                                                    • waveOutReset.WINMM(?,?,0041D4A9), ref: 004D8B34
                                                    • waveOutUnprepareHeader.WINMM(?,-000013C4,00000020,?,?,0041D4A9), ref: 004D8B5A
                                                    • Sleep.KERNEL32(00000001,?,?,0041D4A9), ref: 004D8B63
                                                    • waveOutClose.WINMM(?,?,0041D4A9), ref: 004D8B86
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: wave$Sleep$CloseEventHeaderKillResetUnpreparetime
                                                    • String ID:
                                                    • API String ID: 3030913982-0
                                                    • Opcode ID: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                                    • Instruction ID: 723e303dfaa0e6e3e16fcc3d7d301ea8209cd941138754b25ec6b12d62c8e06b
                                                    • Opcode Fuzzy Hash: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                                    • Instruction Fuzzy Hash: 0401ADB5A00214ABC3149F14EC88AAEB7F8FB98B11F00091BF41497301CB79A9598BF5
                                                    APIs
                                                    • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000,?,?,?,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF94E
                                                    • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,-00000001,00000000,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF99D
                                                    • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000), ref: 004CF9BF
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID: \\?\
                                                    • API String ID: 823142352-4282027825
                                                    • Opcode ID: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                                    • Instruction ID: d900b4c61e2357813c95f9d4093febd61d3ae0210469f6574eac6d9984f09979
                                                    • Opcode Fuzzy Hash: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                                    • Instruction Fuzzy Hash: A141C2B5904300BBEB50EB21DC86F1B77A9EB89348F24092EF54597381D63DDC48C7A6
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,00000000,?,?,004DDFDB,000000FF,00000001,004DE7BA), ref: 004DD6FC
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004DD71E
                                                      • Part of subcall function 004FA760: EnterCriticalSection.KERNEL32(?,?,00000000,7750E820,?,004DD732), ref: 004FA76A
                                                      • Part of subcall function 004FA760: LeaveCriticalSection.KERNEL32(?), ref: 004FA77A
                                                      • Part of subcall function 004DC9A0: EnterCriticalSection.KERNEL32 ref: 004DCA0C
                                                      • Part of subcall function 004DC9A0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 004DCA1D
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004DD741
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004DD744
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004DD74C
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004DD771
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004DD774
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$Leave$Enter
                                                    • String ID:
                                                    • API String ID: 2978645861-0
                                                    • Opcode ID: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                                    • Instruction ID: 32add75de912499d63db8df7e296ef1919b4cd71e3024a8d459c2c8f380e6b48
                                                    • Opcode Fuzzy Hash: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                                    • Instruction Fuzzy Hash: 59012975302A155FD324EB2ADC90B6BE3F9AF91354F00842FE546C3750CB64FC058AA9
                                                    APIs
                                                    • CreateWindowExA.USER32(00000000,STATIC,Dummy,80000000,00000000,00000000,00000005,00000005,00000000,00000000,00000000,00000000), ref: 004D866B
                                                    • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 004D8683
                                                    • SetWindowLongA.USER32(?,000000FC,004D8520), ref: 004D8690
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: Window$Long$Create
                                                    • String ID: Dummy$STATIC
                                                    • API String ID: 1733017098-132613206
                                                    • Opcode ID: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                                    • Instruction ID: 60c9263fdfddd51d1a46959990d996e43c4a0f9c9599785539e6d357df671051
                                                    • Opcode Fuzzy Hash: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                                    • Instruction Fuzzy Hash: 35F0303138471076E630A66ABC06F57B6EC9B59F31F21071AB319F76E0DAE0F8004A2C
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,00000010,?,00000000,00000000,004EF87C,?,?,004AC02B,?,?), ref: 004F5A80
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F5A8A
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F5B2E
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F5B3D
                                                    • EnterCriticalSection.KERNEL32(?,00000002), ref: 004F5B78
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F5B8A
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$EnterLeave
                                                    • String ID:
                                                    • API String ID: 3168844106-0
                                                    • Opcode ID: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                                    • Instruction ID: 42192e3c7faa4449eaa7148df56c5331408008ed83f87a65c0d534a8c29348b8
                                                    • Opcode Fuzzy Hash: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                                    • Instruction Fuzzy Hash: EE41B634300B0D5BD7259F319894BBB77A9AF80704F08415EEB6A8B392DB18FC15D768
                                                    APIs
                                                    • timeGetTime.WINMM(?,?,?,?,?,?), ref: 004F274C
                                                    • EnterCriticalSection.KERNEL32(?,00000000,?,?,?), ref: 004F277D
                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 004F2787
                                                    • timeGetTime.WINMM(?,?), ref: 004F2792
                                                    • timeGetTime.WINMM(?,?,?,?,?), ref: 004F27C6
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: Timetime$CriticalSection$EnterLeave
                                                    • String ID:
                                                    • API String ID: 1404962471-0
                                                    • Opcode ID: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                                    • Instruction ID: 9d8894fa7cd5c1a3a8d1574b016894ebc4e8e1121a62fd2c9071eafdbb47ea2c
                                                    • Opcode Fuzzy Hash: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                                    • Instruction Fuzzy Hash: B531BC35208B049BC314DF25E9956ABB7F1FFC9720F148A2DE4EA83390DB34A419CB56
                                                    APIs
                                                    • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 00529421
                                                    • Sleep.KERNEL32(00000000,?,08000041,?,?,00529592,?,?), ref: 00529431
                                                    • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 0052943A
                                                    • InterlockedExchange.KERNEL32(00000378,00000000), ref: 0052944F
                                                    • __aulldiv.LIBCMT ref: 0052947B
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: ExchangeInterlocked$Compare$Sleep__aulldiv
                                                    • String ID:
                                                    • API String ID: 1430435781-0
                                                    • Opcode ID: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                                    • Instruction ID: c7c6432b147b16162d76303af8a74e071e756cb34c164aed74e4a8b1f06fd785
                                                    • Opcode Fuzzy Hash: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                                    • Instruction Fuzzy Hash: 9C215AB15007409FD7219F2A9844A67FEFCFFA1705F10851FA45A873A1D7B4A904CB64
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$EnterLeave
                                                    • String ID:
                                                    • API String ID: 3168844106-0
                                                    • Opcode ID: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                                    • Instruction ID: 3111dceef54b192a201187cebb12310cd19e01e5115420dd7c98ed3fae01612e
                                                    • Opcode Fuzzy Hash: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                                    • Instruction Fuzzy Hash: 2921A73520174A4BD710AF66E888BFFB7B8EB60305F00852FEB4643251C779A84ADB64
                                                    APIs
                                                    • CreateSolidBrush.GDI32(?), ref: 004D802E
                                                    • SelectObject.GDI32(?,00000000), ref: 004D8044
                                                    • FillRect.USER32(?,?,00000000), ref: 004D8067
                                                    • SelectObject.GDI32(?,00000000), ref: 004D8075
                                                    • DeleteObject.GDI32(00000000), ref: 004D8078
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: Object$Select$BrushCreateDeleteFillRectSolid
                                                    • String ID:
                                                    • API String ID: 3777265051-0
                                                    • Opcode ID: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                                    • Instruction ID: d8a686452ba02d7e488f009474b8275e6b936404318e954abf19810798465268
                                                    • Opcode Fuzzy Hash: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                                    • Instruction Fuzzy Hash: 76019A752042046FC304DB69ED88C6B7BF8EACD614B000A5DFA8983312E635E806DB71
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E468C
                                                    • LeaveCriticalSection.KERNEL32(?,0041D485), ref: 004E46A2
                                                    • DeleteCriticalSection.KERNEL32(?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D0
                                                    • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D9
                                                    • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46E6
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$Delete$EnterLeave
                                                    • String ID:
                                                    • API String ID: 3104255891-0
                                                    • Opcode ID: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                                    • Instruction ID: c031ed0988ac34fb64eb35ca7992c3622ed3d26c78e5592643255ae209dbdd49
                                                    • Opcode Fuzzy Hash: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                                    • Instruction Fuzzy Hash: D101D4B750060C5BC2106B35EC81BAF73A8AFC4214F05051EF54F93241DA68B8088BA1
                                                    APIs
                                                    • GetFileAttributesExA.KERNEL32(?,00000000,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?), ref: 004CFE0F
                                                      • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                                    • GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852), ref: 004CFDAF
                                                    • GetFileAttributesExA.KERNEL32(00000000,00000000,?,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?,00000000), ref: 004CFDED
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: AttributesFile$Version
                                                    • String ID: \\?\
                                                    • API String ID: 3849939888-4282027825
                                                    • Opcode ID: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                                    • Instruction ID: f991edffad243b4bd670aca913d189ed867c40d808b57564552852d0b3f79ee3
                                                    • Opcode Fuzzy Hash: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                                    • Instruction Fuzzy Hash: 6431277A90031067D710AA65AC42FEB73995F85704F54042FF90687352EB6D9C0EC2EA
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 004FA67B
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004FA749
                                                      • Part of subcall function 004F9B30: EnterCriticalSection.KERNEL32(?,00000000,?,004FA7A6,?,?,7750FFB0), ref: 004F9B35
                                                      • Part of subcall function 004F9B30: LeaveCriticalSection.KERNEL32(?), ref: 004F9B84
                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000100,00000000,00000000,?), ref: 004FA715
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CriticalSection$EnterLeave$ByteCharMultiWide
                                                    • String ID: FriendlyName
                                                    • API String ID: 904232820-3623505368
                                                    • Opcode ID: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                                    • Instruction ID: 4f25218f4a75fa1caa45750efdb6ff353ea89136e06b91a5ad3ed6f7a0914714
                                                    • Opcode Fuzzy Hash: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                                    • Instruction Fuzzy Hash: 9A212A75244301AFD220EB54DC49F5BB7F8BF88714F008A1DFA899B290D774F8098BA6
                                                    APIs
                                                    • CreateCompatibleDC.GDI32(00000000), ref: 004CADB4
                                                    • CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 004CADC8
                                                    • GetObjectA.GDI32(00000000,00000018,?), ref: 004CADD8
                                                    • DeleteDC.GDI32(00000000), ref: 004CADFF
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: Create$CompatibleDeleteObjectSection
                                                    • String ID:
                                                    • API String ID: 3137390749-0
                                                    • Opcode ID: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                                    • Instruction ID: ec125f8efd539a004f5243cd975522e641b23088832de904e1665531ca55df12
                                                    • Opcode Fuzzy Hash: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                                    • Instruction Fuzzy Hash: 2981AFB56043458FC324CF29D484A67FBF1BF98314F148A6ED58A87712D334E989CBA6
                                                    APIs
                                                    • QueryPerformanceCounter.KERNEL32 ref: 0052AFF0
                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 0052B016
                                                      • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C25F
                                                      • Part of subcall function 0040C250: Sleep.KERNEL32(00000000,?,?,0052B390,?,004012F9,00000008), ref: 0040C272
                                                      • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C279
                                                    • InterlockedExchange.KERNEL32(?,00000000), ref: 0052B050
                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 0052B05B
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CounterExchangeInterlockedPerformanceQuery$Compare$Sleep
                                                    • String ID:
                                                    • API String ID: 188302963-0
                                                    • Opcode ID: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                                    • Instruction ID: 331ae7ec3883c6fb41667714d1c2397b805b788a0704fbfdebc2abdcd4384ec1
                                                    • Opcode Fuzzy Hash: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                                    • Instruction Fuzzy Hash: 19212A75604712ABC318DF65D884A9AF7E8BF89300F040A1DE85993780D734F918CBA2
                                                    APIs
                                                      • Part of subcall function 004E4850: waveInGetNumDevs.WINMM(defaultmicrophone,00000000,?,00000000,?,?,?,?,004E8459,?,?,?,?,?,?,?), ref: 004E489B
                                                      • Part of subcall function 004E4C80: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C7E,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E4C8A
                                                      • Part of subcall function 004E4C80: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E4CD7
                                                      • Part of subcall function 004E3860: EnterCriticalSection.KERNEL32(?,00000000,?,004E5C91,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E3868
                                                      • Part of subcall function 004E3860: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E388F
                                                      • Part of subcall function 004E5B40: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C9B,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?), ref: 004E5B4C
                                                      • Part of subcall function 004E5B40: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5B71
                                                    • EnterCriticalSection.KERNEL32(00000004,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E5CA2
                                                    • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5CB2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CriticalSection$EnterLeave$Devswave
                                                    • String ID: echosuppression$gain
                                                    • API String ID: 967401230-1829011300
                                                    • Opcode ID: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                                    • Instruction ID: eec625d20ecc8ac728587d7ca18c0fda910ff7f544bd80cb39fcd025b5d808b6
                                                    • Opcode Fuzzy Hash: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                                    • Instruction Fuzzy Hash: 4C118E35700B449BC711EB67C9A1A2BB3B9BF8871AB15049EE5464B741CB24FC02CBA4
                                                    APIs
                                                      • Part of subcall function 0050B060: CreateEventA.KERNEL32(00000000,?,00000000,00000000,00000000,00509F02,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E), ref: 0050B06E
                                                    • InitializeCriticalSection.KERNEL32(0000007C,00000001,00000001,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E,00549D98,?,?), ref: 00509F34
                                                    • InitializeCriticalSection.KERNEL32(00000094,?,?,?,?,?,?,?,?,7750FFB0), ref: 00509F3D
                                                    • InitializeCriticalSection.KERNEL32 ref: 00509F6E
                                                    • SetEvent.KERNEL32 ref: 00509F74
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CriticalInitializeSection$Event$Create
                                                    • String ID:
                                                    • API String ID: 662013055-0
                                                    • Opcode ID: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                                    • Instruction ID: a00b6d7b902e657a52a59b9571d5736a80dfe09fbfe7896e9036a1fe9281f1e6
                                                    • Opcode Fuzzy Hash: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                                    • Instruction Fuzzy Hash: 9B21C4B1540B049FE320DF6AD884A9BFBE8FF94704F00490EE1AA83661D7B1B405CB61
                                                    APIs
                                                    • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 004D2AB9
                                                    • CreateCompatibleDC.GDI32(00000000), ref: 004D2B3D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CompatibleCreateDirectorySystem
                                                    • String ID: Macromed\Flash\
                                                    • API String ID: 2606042488-1438515271
                                                    • Opcode ID: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                                    • Instruction ID: 299e9cb63676f09c6c690dce7675c16131e739682a5e940449f79e26451de6f9
                                                    • Opcode Fuzzy Hash: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                                    • Instruction Fuzzy Hash: 8F118A711047016FC704EF21EC52AAF77E4BF98704F40491EF19943281DB78A908CFAA
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B22,00000001,000000FF), ref: 004F2BFE
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F2C88
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F2CCE
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F2CF1
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$Leave$Enter
                                                    • String ID:
                                                    • API String ID: 2978645861-0
                                                    • Opcode ID: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                                    • Instruction ID: d821757bbb06b5f881817bb4be3b83133dcd2ebdcf47b2e92145d0cebd45ebc1
                                                    • Opcode Fuzzy Hash: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                                    • Instruction Fuzzy Hash: D631D2762042854FD3248F29D898A3BBBF5EFD9351F19856EE696C7381C779D808C720
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,004F7247,?), ref: 004F64C1
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F64E6
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F64EC
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F6515
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$EnterLeave
                                                    • String ID:
                                                    • API String ID: 3168844106-0
                                                    • Opcode ID: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                                    • Instruction ID: c39e4b2d7a975ea5970b06f88a1f0ae82272a8bb6f48ad921d14b69448efe04b
                                                    • Opcode Fuzzy Hash: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                                    • Instruction Fuzzy Hash: FC0188352003485BC714EF24D880A77F3A9AF46258B19559DE5C657342CA39EC06CBA4
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?), ref: 0040139D
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004013B3
                                                    • EnterCriticalSection.KERNEL32(00000005), ref: 004013CA
                                                    • LeaveCriticalSection.KERNEL32(00000005), ref: 004013D8
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1547529851.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$EnterLeave
                                                    • String ID:
                                                    • API String ID: 3168844106-0
                                                    • Opcode ID: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                                    • Instruction ID: 1dc668918495c93d19b35d2f921703afc781594381be1afc9f76799b5a6aac2f
                                                    • Opcode Fuzzy Hash: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                                    • Instruction Fuzzy Hash: 280112B620070AAFC310CF69D884946FBF8FFA8314B10C55AE95983711C771F956CBA0
                                                    APIs
                                                    • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007D90C1
                                                    • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007D926D
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.1514791334.00000000007D9000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                    • Associated: 00000003.00000003.1518037946.00000000007A0000.00000040.00000400.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_7a0000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: Virtual$AllocFree
                                                    • String ID:
                                                    • API String ID: 2087232378-0
                                                    • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                    • Instruction ID: 0fc34a67d6a827dc0d7c73ac8cbc6399621bf70b2ed37733089f3a1ac3a5ace5
                                                    • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                    • Instruction Fuzzy Hash: 3B717B71E0424AEFDB41CF98C985BEDBBF0BB09314F244096E565F7341D238AA91DB64
                                                    APIs
                                                    • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 007D9314
                                                      • Part of subcall function 007D9098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007D90C1
                                                      • Part of subcall function 007D9098: VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007D926D
                                                    • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 007D9366
                                                    • VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 007D93C0
                                                    • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007D93F3
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.1514791334.00000000007D9000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                    • Associated: 00000003.00000003.1518037946.00000000007A0000.00000040.00000400.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_7a0000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: Virtual$Alloc$Free$Protect
                                                    • String ID: ,
                                                    • API String ID: 1004437363-3772416878
                                                    • Opcode ID: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                                    • Instruction ID: ee00285b848096d9d149dff14d2196b619dd9fb5748accbcb1c1095e45e7ac29
                                                    • Opcode Fuzzy Hash: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                                    • Instruction Fuzzy Hash: A351E975900609EFCB20DFA9C885A9EBBF8FF08354F10851AFA59A7241D374E951CBA4
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.1518037946.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_7a0000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: __freea$__alloca_probe_16
                                                    • String ID:
                                                    • API String ID: 3509577899-0
                                                    • Opcode ID: f7a03af1f28fe692d224fce8426d8e90eb535a2185ddb9f5c56a6e2cdb0b48ca
                                                    • Instruction ID: 081cf3fe198209f33fe3a0b120c8ca826e5becfb798a419be24fc89da9dc40e2
                                                    • Opcode Fuzzy Hash: f7a03af1f28fe692d224fce8426d8e90eb535a2185ddb9f5c56a6e2cdb0b48ca
                                                    • Instruction Fuzzy Hash: 0251917270020AAAEB219FA0CC49FAB76BAEF84710F15112BFD0596351E778ED1086A0
                                                    APIs
                                                    • RtlAllocateHeap.NTDLL(00000008,00000000,00000000,?,007D12D6,00000001,00000364,00000000,?,000000FF,?,007D44E3,?,?,00000000), ref: 007D1789
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.1518037946.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_7a0000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: AllocateHeap
                                                    • String ID:
                                                    • API String ID: 1279760036-0
                                                    • Opcode ID: 4dd17e05e571d23a7c568dcfab70eb3b2996f13ffc4bf185ad604151f66b3aa5
                                                    • Instruction ID: 63ce72809df27f5417c84464b849e36b66b66d069cf00a6849f19197063ea4e2
                                                    • Opcode Fuzzy Hash: 4dd17e05e571d23a7c568dcfab70eb3b2996f13ffc4bf185ad604151f66b3aa5
                                                    • Instruction Fuzzy Hash: 79F08971605235BADB616B729D49B6A3778AF417B0B548017EC08DA3B0EA2CDC0046E4
                                                    APIs
                                                    • LCMapStringEx.KERNELBASE(?,007D0C92,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 007D3D75
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.1518037946.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_7a0000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: String
                                                    • String ID:
                                                    • API String ID: 2568140703-0
                                                    • Opcode ID: 175506e9baa064e8de5336ff9f9c35cc612b60ef2b7bb8bbe571b4be71336b6e
                                                    • Instruction ID: c3c72d564a4f20c8bea0f29fec32ed21c670867db13d8b38512067307f666f9c
                                                    • Opcode Fuzzy Hash: 175506e9baa064e8de5336ff9f9c35cc612b60ef2b7bb8bbe571b4be71336b6e
                                                    • Instruction Fuzzy Hash: 08F0683610025ABBCF125F90DC099DE3F26AB48360B058111BA1969220C73ACA31AFA1
                                                    APIs
                                                    • VirtualFree.KERNELBASE(?,00000000,?), ref: 007CBFCE
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.1518037946.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_7a0000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: FreeVirtual
                                                    • String ID:
                                                    • API String ID: 1263568516-0
                                                    • Opcode ID: 2b2b09fd54bcda281bc1361cc72eafe3c16d7000e3994f5a488a0eb69cbcd1b9
                                                    • Instruction ID: 9dbe86c5b4215908777a3276febbbed1dde0bcd46da8c6c5dc297dcfcc1c5923
                                                    • Opcode Fuzzy Hash: 2b2b09fd54bcda281bc1361cc72eafe3c16d7000e3994f5a488a0eb69cbcd1b9
                                                    • Instruction Fuzzy Hash: 1631F371900209ABCB10CFA9D881FAEBBF8BF08704F10842DE955A7390D779A9458F94
                                                    APIs
                                                    • CloseHandle.KERNELBASE(00000000), ref: 007CBCC7
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.1518037946.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_7a0000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    • Opcode ID: 9ac12d75cf364b735dce5310dc04a39102ca413bb26d0aa9ec29b9aecec6e3ff
                                                    • Instruction ID: 8cae220516fcf033456b5b081b1e20611534ce2899c4ed54bab4f52bb7db096b
                                                    • Opcode Fuzzy Hash: 9ac12d75cf364b735dce5310dc04a39102ca413bb26d0aa9ec29b9aecec6e3ff
                                                    • Instruction Fuzzy Hash: 61E0EDB6902662BBD3212B209D4AE7B732CEF95701B00842CFD10E6340DF28DC01C6B0
                                                    APIs
                                                    • GlobalAlloc.KERNEL32(00002002,00000002), ref: 004D9B06
                                                    • GlobalLock.KERNEL32(00000000), ref: 004D9B17
                                                    • GlobalUnlock.KERNEL32(00000000), ref: 004D9B28
                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,00000000,00000000), ref: 004D9B51
                                                    • GlobalAlloc.KERNEL32(00002002,00000001), ref: 004D9B61
                                                    • GlobalLock.KERNEL32(00000000), ref: 004D9B70
                                                    • GlobalUnlock.KERNEL32(00000000), ref: 004D9B81
                                                    • GlobalAlloc.KERNEL32(00002002,00000003,?,?,?,00000000,0040D599,00000000,00000000), ref: 004D9BB8
                                                    • GlobalLock.KERNEL32(00000000), ref: 004D9BC5
                                                    • GlobalUnlock.KERNEL32(00000000), ref: 004D9BDB
                                                    • OpenClipboard.USER32(00000000), ref: 004D9BEB
                                                    • EmptyClipboard.USER32 ref: 004D9BF5
                                                    • SetClipboardData.USER32(0000000D,00000000), ref: 004D9C08
                                                    • SetClipboardData.USER32(00000001,00000000), ref: 004D9C11
                                                    • CloseClipboard.USER32 ref: 004D9C13
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: Global$Clipboard$AllocLockUnlock$Data$ByteCharCloseEmptyMultiOpenWide
                                                    • String ID:
                                                    • API String ID: 3392129136-0
                                                    • Opcode ID: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                                    • Instruction ID: e40826f6a6b6de4095afa5ba746f594757548e465f4129e7c784a6b23cc7d310
                                                    • Opcode Fuzzy Hash: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                                    • Instruction Fuzzy Hash: 7A41F371104302ABE3111B61BC99B277BFCAFA1B04F09041BF986D7341DA69EC09D7BA
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.1518037946.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_7a0000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d226f714bff62ed29fbfbeeb9c07e0a6250ee3561ac2043c385ee9577c71bd29
                                                    • Instruction ID: ca6b49ba8c948b0b2a1321171176cbff8534267d0d71147791947335bfaf874a
                                                    • Opcode Fuzzy Hash: d226f714bff62ed29fbfbeeb9c07e0a6250ee3561ac2043c385ee9577c71bd29
                                                    • Instruction Fuzzy Hash: BD516AB2A112059FEB19CF59D895BEABBF4FB48310F24806ED809EB250D3789D41CF50
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.1514791334.00000000007D9000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                    • Associated: 00000003.00000003.1518037946.00000000007A0000.00000040.00000400.00020000.00000000.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_7a0000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                    • Instruction ID: ef0fd70ec8bd2bfbf285bcc601704a758f7e28addf8dfbedece5c33eca63a78d
                                                    • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                    • Instruction Fuzzy Hash: 22F06275B00200EF8714DF0AC544C9577F6FB857147654596D5049B321D3B4FD44CB50
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.1522676682.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522869260.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522905611.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522905611.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.000000000071B000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.000000000072A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.000000000073E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: WSAAsyncGetHostByName$WSAAsyncSelect$WSACancelAsyncRequest$WSACleanup$WSAGetLastError$WSAStartup$WSOCK32.DLL$accept$bind$closesocket$connect$htonl$htons$inet_addr$listen$recv$recvfrom$send$sendto$socket
                                                    • API String ID: 0-3677570488
                                                    • Opcode ID: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                                    • Instruction ID: 8c9ac86f1f98df4bb1f2f2f05f7a43d8bd4a8589446ea9a4d4fdb8b68f6288ad
                                                    • Opcode Fuzzy Hash: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                                    • Instruction Fuzzy Hash: 5031DE71D523646AD7206BB9EC19DEF3EACFBB6704B510517F000972A0EAF88458AF94
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32 ref: 004F4A89
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F4AFB
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F4BF2
                                                    • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F4CEA
                                                    • LeaveCriticalSection.KERNEL32(?,?), ref: 004F4CFD
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F4D17
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F4D1A
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F4D36
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F4D5D
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F4D66
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F4D81
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F4D87
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F4DB6
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F4DC0
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F4E05
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F4E11
                                                    • LeaveCriticalSection.KERNEL32(?,00000000), ref: 004F4E7D
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F4E9C
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F4EB3
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F4ED9
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F4EF4
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F4F06
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$Leave$Enter
                                                    • String ID: NetStream.Play.Start$NetStream.Play.Stop$NetStream.Play.StreamNotFound$NetStream.Seek.InvalidTime$NetStream.Seek.Notify$error$status
                                                    • API String ID: 2978645861-761530088
                                                    • Opcode ID: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                                    • Instruction ID: 162dc2aece2cb8deeda7270d3cf99ca9d96a23cce06d37320eaaf024755f17c1
                                                    • Opcode Fuzzy Hash: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                                    • Instruction Fuzzy Hash: C7E190352047459FD320DB34C845BABBBE1BF89714F04895DE9AA57382CB74F80ACB65
                                                    APIs
                                                    • DestroyWindow.USER32(?,?,?,?,?), ref: 004D5D5F
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: DestroyWindow
                                                    • String ID: D$FSCommand:$\fscommand$allowscale$exec$fullscreen$quit$showmenu$trapallkeys
                                                    • API String ID: 3375834691-1928458085
                                                    • Opcode ID: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                                    • Instruction ID: 7647b0b3e504c4bbb0374484e0d8b702cf2a7569de5a553b4a60fd35f403e9ef
                                                    • Opcode Fuzzy Hash: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                                    • Instruction Fuzzy Hash: 27914C35504B015BCB24EF28EC617FBB791AFA6309F44451FE8888B341DB2A990BC7D9
                                                    APIs
                                                    • GetWindowLongA.USER32(?,000000F0), ref: 004DB511
                                                    • GetWindowRect.USER32(?,?), ref: 004DB531
                                                    • GetClientRect.USER32(?,?), ref: 004DB541
                                                    • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB55D
                                                    • GetMenu.USER32(?), ref: 004DB581
                                                    • SetMenu.USER32(?,00000000), ref: 004DB596
                                                    • GetDesktopWindow.USER32 ref: 004DB5B0
                                                    • GetWindowRect.USER32(00000000,?), ref: 004DB5BC
                                                    • SetWindowPos.USER32(?,00000000,?,?,?,?,00000000,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB5E1
                                                    • GetWindowLongA.USER32(?,000000F0), ref: 004DB604
                                                    • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB62A
                                                    • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB66D
                                                    • GetWindowRect.USER32(?,?), ref: 004DB6A5
                                                    • GetClientRect.USER32(?,?), ref: 004DB6B7
                                                    • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB702
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: Window$Rect$Long$ClientMenuMove$Desktop
                                                    • String ID:
                                                    • API String ID: 3087884050-0
                                                    • Opcode ID: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                                    • Instruction ID: afb7dc4107877f96dc9ff69242aee4b267e14dc018c2a581ac30f1de2d6509eb
                                                    • Opcode Fuzzy Hash: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                                    • Instruction Fuzzy Hash: 1C61F7756047009FE714CF79D888FA7B7E9EB98314F108A1EE5AA83344DE74B8088B65
                                                    APIs
                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFE8F
                                                    • RegQueryValueExW.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFEC1
                                                    • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFF52
                                                    • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFF84
                                                    • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFFF3
                                                    • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004D0021
                                                    • RegCloseKey.ADVAPI32(00000000), ref: 004D0043
                                                      • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: OpenQueryValue$CloseVersion
                                                    • String ID: AppData$AppData$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                    • API String ID: 3944000476-502054578
                                                    • Opcode ID: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                                    • Instruction ID: f72081d33d1e3e5e856db847e9c33e0e25e3821136d69a0383b26c3c547fa845
                                                    • Opcode Fuzzy Hash: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                                    • Instruction Fuzzy Hash: 0151B2715087017BC725DB50EC95FAB73E8AF88754F00891EF98553381EAB9D80AC7AA
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F606E
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F608D
                                                    • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6111
                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F611B
                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F612B
                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6135
                                                      • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                      • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                      • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                      • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                      • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                      • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                                    • EnterCriticalSection.KERNEL32(?,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F61D1
                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6212
                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F621C
                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6244
                                                    • EnterCriticalSection.KERNEL32(?,00000001,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6268
                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62A9
                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62B3
                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62DB
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$EnterLeave
                                                    • String ID:
                                                    • API String ID: 3168844106-0
                                                    • Opcode ID: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                                    • Instruction ID: 143f1fb28292c6c8f5848ec82d72cb0c1768edffe3cb57bca7300ec5568bca4f
                                                    • Opcode Fuzzy Hash: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                                    • Instruction Fuzzy Hash: 2AA1113020430E8BC725DF349854BBBBBB9AF94304F15056EFA5687382DB79E809CB65
                                                    APIs
                                                    • StartDocA.GDI32(?,00000000), ref: 004D7F29
                                                    • GetDeviceCaps.GDI32(?,00000008), ref: 004D7F47
                                                    • GetDeviceCaps.GDI32(?,0000000A), ref: 004D7F55
                                                    • LPtoDP.GDI32(00000000,00000002), ref: 004D7F83
                                                    • GetDeviceCaps.GDI32(00000000,0000006E), ref: 004D7FA0
                                                    • GetDeviceCaps.GDI32(00000000,0000006F), ref: 004D7FAE
                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 004D7FBC
                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004D7FD2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CapsDevice$Start
                                                    • String ID: portrait
                                                    • API String ID: 1738886688-2504013051
                                                    • Opcode ID: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                                    • Instruction ID: 78bfa520cedcb1c13f518f393ea8421dc938ea51f70754ce75912898c89e0c82
                                                    • Opcode Fuzzy Hash: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                                    • Instruction Fuzzy Hash: 7641DFB0604B109FC324DF2AD980A1AFBF5BF98710F108A1EE58A877A1D771E845CF91
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,00000000,?,00000000,00000000,?,004AC0BD,?,?), ref: 004F705A
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F7081
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F709A
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F70A3
                                                    • timeGetTime.WINMM(00000000,00000000,00000000,00000000,?), ref: 004F7390
                                                    • LeaveCriticalSection.KERNEL32(?,?), ref: 004F73D5
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$Leave$Enter$Timetime
                                                    • String ID:
                                                    • API String ID: 4022644143-0
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,?,?,00000000,004F7352,?), ref: 004F2A19
                                                    • timeGetTime.WINMM ref: 004F2A25
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F2A39
                                                    • timeGetTime.WINMM(?), ref: 004F2A46
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F2AD7
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$LeaveTimetime$Enter
                                                    • String ID: NetStream.Buffer.Empty$NetStream.Buffer.Full$status
                                                    • API String ID: 2943255653-4242577526
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B64,00000002), ref: 004F3ED0
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F3EDE
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F3F20
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$Leave$Enter
                                                    • String ID:
                                                    • API String ID: 2978645861-0
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?), ref: 00401181
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004011B1
                                                    • timeGetTime.WINMM ref: 004011C5
                                                    • timeGetTime.WINMM ref: 004011D5
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004011E3
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 0040122A
                                                    • timeGetTime.WINMM ref: 0040123E
                                                    • EnterCriticalSection.KERNEL32(?), ref: 00401261
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 0040129E
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$EnterLeaveTimetime
                                                    • String ID:
                                                    • API String ID: 3486229058-0
                                                    APIs
                                                    • InterlockedExchange.KERNEL32(00000020,00000000), ref: 00411B68
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: ExchangeInterlocked
                                                    • String ID: GET$_bytesLoaded$_bytesTotal$_customHeaders$contentType$loaded
                                                    • API String ID: 367298776-2876428247
                                                    APIs
                                                    • type_info::operator==.LIBVCRUNTIME ref: 007CE960
                                                    • ___TypeMatch.LIBVCRUNTIME ref: 007CEA6E
                                                    • _UnwindNestedFrames.LIBCMT ref: 007CEBC0
                                                    • CallUnexpected.LIBVCRUNTIME ref: 007CEBDB
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.1518037946.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_7a0000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                    • String ID: csm$csm$csm
                                                    • API String ID: 2751267872-393685449
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,004F5BA3,00000000), ref: 004F34EA
                                                    • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3537
                                                    • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3545
                                                    • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3556
                                                    • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F355F
                                                    • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3594
                                                    • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F359D
                                                    • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36AD
                                                    • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36BB
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$Enter$Leave
                                                    • String ID:
                                                    • API String ID: 2801635615-0
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,?,?,?), ref: 004F3709
                                                    • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F374C
                                                    • LeaveCriticalSection.KERNEL32(?,?), ref: 004F375C
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F376D
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F377A
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F37A9
                                                    • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F37C5
                                                    • LeaveCriticalSection.KERNEL32(?,?), ref: 004F37D5
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F37EC
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$Leave$Enter
                                                    • String ID:
                                                    • API String ID: 2978645861-0
                                                    APIs
                                                    • _ValidateLocalCookies.LIBCMT ref: 007CD977
                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 007CD97F
                                                    • _ValidateLocalCookies.LIBCMT ref: 007CDA08
                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 007CDA33
                                                    • _ValidateLocalCookies.LIBCMT ref: 007CDA88
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.1518037946.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_7a0000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                    • String ID: csm
                                                    • API String ID: 1170836740-1018135373
                                                    APIs
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: localhost
                                                    • API String ID: 0-2663516195
                                                    APIs
                                                    • timeGetTime.WINMM(00000000), ref: 004145E1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: Timetime
                                                    • String ID: gfff$gfff$gfff$gfff
                                                    • API String ID: 17336451-2178600047
                                                    • Opcode ID: 36ada0748ce7ae867fc8d0b968c8e92e83edef51ded80e37bf17f681d92f4674
                                                    • Instruction ID: e32ce3efbecf0e845fb5c017bd6949167df468d5a0ad1b28c98723774e94ba96
                                                    • Opcode Fuzzy Hash: 36ada0748ce7ae867fc8d0b968c8e92e83edef51ded80e37bf17f681d92f4674
                                                    • Instruction Fuzzy Hash: 79C17E313046059BD718DF15C494BEA77A6BFC8704F18856EE8498F382CB79ED42CB9A
                                                    APIs
                                                    • timeKillEvent.WINMM(?,?,?,00000000,?,0041D4A9), ref: 004D8B13
                                                    • Sleep.KERNEL32(00000001,?,0041D4A9), ref: 004D8B2D
                                                    • waveOutReset.WINMM(?,?,0041D4A9), ref: 004D8B34
                                                    • waveOutUnprepareHeader.WINMM(?,-000013C4,00000020,?,?,0041D4A9), ref: 004D8B5A
                                                    • Sleep.KERNEL32(00000001,?,?,0041D4A9), ref: 004D8B63
                                                    • waveOutClose.WINMM(?,?,0041D4A9), ref: 004D8B86
                                                    Similarity
                                                    • API ID: wave$Sleep$CloseEventHeaderKillResetUnpreparetime
                                                    • String ID:
                                                    • API String ID: 3030913982-0
                                                    • Opcode ID: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                                    • Instruction ID: 723e303dfaa0e6e3e16fcc3d7d301ea8209cd941138754b25ec6b12d62c8e06b
                                                    • Opcode Fuzzy Hash: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                                    • Instruction Fuzzy Hash: 0401ADB5A00214ABC3149F14EC88AAEB7F8FB98B11F00091BF41497301CB79A9598BF5
                                                    APIs
                                                    • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000,?,?,?,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF94E
                                                    • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,-00000001,00000000,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF99D
                                                    • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000), ref: 004CF9BF
                                                    Strings
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID: \\?\
                                                    • API String ID: 823142352-4282027825
                                                    • Opcode ID: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                                    • Instruction ID: d900b4c61e2357813c95f9d4093febd61d3ae0210469f6574eac6d9984f09979
                                                    • Opcode Fuzzy Hash: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                                    • Instruction Fuzzy Hash: A141C2B5904300BBEB50EB21DC86F1B77A9EB89348F24092EF54597381D63DDC48C7A6
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,00000000,?,?,004DDFDB,000000FF,00000001,004DE7BA), ref: 004DD6FC
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004DD71E
                                                      • Part of subcall function 004FA760: EnterCriticalSection.KERNEL32(?,?,00000000,0015381C,?,004DD732), ref: 004FA76A
                                                      • Part of subcall function 004FA760: LeaveCriticalSection.KERNEL32(?), ref: 004FA77A
                                                      • Part of subcall function 004DC9A0: EnterCriticalSection.KERNEL32 ref: 004DCA0C
                                                      • Part of subcall function 004DC9A0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 004DCA1D
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004DD741
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004DD744
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004DD74C
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004DD771
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004DD774
                                                    Similarity
                                                    • API ID: CriticalSection$Leave$Enter
                                                    • String ID:
                                                    • API String ID: 2978645861-0
                                                    • Opcode ID: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                                    • Instruction ID: 32add75de912499d63db8df7e296ef1919b4cd71e3024a8d459c2c8f380e6b48
                                                    • Opcode Fuzzy Hash: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                                    • Instruction Fuzzy Hash: 59012975302A155FD324EB2ADC90B6BE3F9AF91354F00842FE546C3750CB64FC058AA9
                                                    APIs
                                                    • CreateWindowExA.USER32(00000000,STATIC,Dummy,80000000,00000000,00000000,00000005,00000005,00000000,00000000,00000000,00000000), ref: 004D866B
                                                    • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 004D8683
                                                    • SetWindowLongA.USER32(?,000000FC,004D8520), ref: 004D8690
                                                    Strings
                                                    Similarity
                                                    • API ID: Window$Long$Create
                                                    • String ID: Dummy$STATIC
                                                    • API String ID: 1733017098-132613206
                                                    • Opcode ID: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                                    • Instruction ID: 60c9263fdfddd51d1a46959990d996e43c4a0f9c9599785539e6d357df671051
                                                    • Opcode Fuzzy Hash: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                                    • Instruction Fuzzy Hash: 35F0303138471076E630A66ABC06F57B6EC9B59F31F21071AB319F76E0DAE0F8004A2C
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,00000010,?,00000000,00000000,004EF87C,?,?,004AC02B,?,?), ref: 004F5A80
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F5A8A
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F5B2E
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F5B3D
                                                    • EnterCriticalSection.KERNEL32(?,00000002), ref: 004F5B78
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F5B8A
                                                    Similarity
                                                    • API ID: CriticalSection$EnterLeave
                                                    • String ID:
                                                    • API String ID: 3168844106-0
                                                    • Opcode ID: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                                    • Instruction ID: 42192e3c7faa4449eaa7148df56c5331408008ed83f87a65c0d534a8c29348b8
                                                    • Opcode Fuzzy Hash: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                                    • Instruction Fuzzy Hash: EE41B634300B0D5BD7259F319894BBB77A9AF80704F08415EEB6A8B392DB18FC15D768
                                                    APIs
                                                    • timeGetTime.WINMM(?,?,?,?,?,?), ref: 004F274C
                                                    • EnterCriticalSection.KERNEL32(?,00000000,?,?,?), ref: 004F277D
                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 004F2787
                                                    • timeGetTime.WINMM(?,?), ref: 004F2792
                                                    • timeGetTime.WINMM(?,?,?,?,?), ref: 004F27C6
                                                    Similarity
                                                    • API ID: Timetime$CriticalSection$EnterLeave
                                                    • String ID:
                                                    • API String ID: 1404962471-0
                                                    • Opcode ID: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                                    • Instruction ID: 9d8894fa7cd5c1a3a8d1574b016894ebc4e8e1121a62fd2c9071eafdbb47ea2c
                                                    • Opcode Fuzzy Hash: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                                    • Instruction Fuzzy Hash: B531BC35208B049BC314DF25E9956ABB7F1FFC9720F148A2DE4EA83390DB34A419CB56
                                                    APIs
                                                    • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 00529421
                                                    • Sleep.KERNEL32(00000000,?,08000041,?,?,00529592,?,?), ref: 00529431
                                                    • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 0052943A
                                                    • InterlockedExchange.KERNEL32(00000378,00000000), ref: 0052944F
                                                    • __aulldiv.LIBCMT ref: 0052947B
                                                    Similarity
                                                    • API ID: ExchangeInterlocked$Compare$Sleep__aulldiv
                                                    • String ID:
                                                    • API String ID: 1430435781-0
                                                    • Opcode ID: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                                    • Instruction ID: c7c6432b147b16162d76303af8a74e071e756cb34c164aed74e4a8b1f06fd785
                                                    • Opcode Fuzzy Hash: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                                    • Instruction Fuzzy Hash: 9C215AB15007409FD7219F2A9844A67FEFCFFA1705F10851FA45A873A1D7B4A904CB64
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                                    Similarity
                                                    • API ID: CriticalSection$EnterLeave
                                                    • String ID:
                                                    • API String ID: 3168844106-0
                                                    • Opcode ID: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                                    • Instruction ID: 3111dceef54b192a201187cebb12310cd19e01e5115420dd7c98ed3fae01612e
                                                    • Opcode Fuzzy Hash: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                                    • Instruction Fuzzy Hash: 2921A73520174A4BD710AF66E888BFFB7B8EB60305F00852FEB4643251C779A84ADB64
                                                    APIs
                                                    • CreateSolidBrush.GDI32(?), ref: 004D802E
                                                    • SelectObject.GDI32(?,00000000), ref: 004D8044
                                                    • FillRect.USER32(?,?,00000000), ref: 004D8067
                                                    • SelectObject.GDI32(?,00000000), ref: 004D8075
                                                    • DeleteObject.GDI32(00000000), ref: 004D8078
                                                    Similarity
                                                    • API ID: Object$Select$BrushCreateDeleteFillRectSolid
                                                    • String ID:
                                                    • API String ID: 3777265051-0
                                                    • Opcode ID: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                                    • Instruction ID: d8a686452ba02d7e488f009474b8275e6b936404318e954abf19810798465268
                                                    • Opcode Fuzzy Hash: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                                    • Instruction Fuzzy Hash: 76019A752042046FC304DB69ED88C6B7BF8EACD614B000A5DFA8983312E635E806DB71
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E468C
                                                    • LeaveCriticalSection.KERNEL32(?,0041D485), ref: 004E46A2
                                                    • DeleteCriticalSection.KERNEL32(?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D0
                                                    • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D9
                                                    • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46E6
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CriticalSection$Delete$EnterLeave
                                                    • String ID:
                                                    • API String ID: 3104255891-0
                                                    • Opcode ID: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                                    • Instruction ID: c031ed0988ac34fb64eb35ca7992c3622ed3d26c78e5592643255ae209dbdd49
                                                    • Opcode Fuzzy Hash: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                                    • Instruction Fuzzy Hash: D101D4B750060C5BC2106B35EC81BAF73A8AFC4214F05051EF54F93241DA68B8088BA1
                                                    APIs
                                                    • OpenClipboard.USER32(00000000), ref: 004D9C27
                                                    • GetClipboardData.USER32(00000001), ref: 004D9C3A
                                                    • GetClipboardData.USER32(0000000D), ref: 004D9C42
                                                    • GetClipboardData.USER32(00000000), ref: 004D9C4B
                                                    • CloseClipboard.USER32 ref: 004D9C56
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: Clipboard$Data$CloseOpen
                                                    • String ID:
                                                    • API String ID: 464010812-0
                                                    • Opcode ID: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                                    • Instruction ID: 2f18cbc0f6c8a3dbd26954e8439ab7c802a903eab365c315afdcc22c9d276e9e
                                                    • Opcode Fuzzy Hash: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                                    • Instruction Fuzzy Hash: 41E09AB230022517EB9026BA6C4CF97A2EC9F54F90F050123F604C6340E6A6CC0457B1
                                                    APIs
                                                    • GetFileAttributesExA.KERNEL32(?,00000000,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?), ref: 004CFE0F
                                                      • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                                    • GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852), ref: 004CFDAF
                                                    • GetFileAttributesExA.KERNEL32(00000000,00000000,?,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?,00000000), ref: 004CFDED
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: AttributesFile$Version
                                                    • String ID: \\?\
                                                    • API String ID: 3849939888-4282027825
                                                    • Opcode ID: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                                    • Instruction ID: f991edffad243b4bd670aca913d189ed867c40d808b57564552852d0b3f79ee3
                                                    • Opcode Fuzzy Hash: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                                    • Instruction Fuzzy Hash: 6431277A90031067D710AA65AC42FEB73995F85704F54042FF90687352EB6D9C0EC2EA
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 004FA67B
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004FA749
                                                      • Part of subcall function 004F9B30: EnterCriticalSection.KERNEL32(?,00000000,?,004FA7A6,?,?,00153804), ref: 004F9B35
                                                      • Part of subcall function 004F9B30: LeaveCriticalSection.KERNEL32(?), ref: 004F9B84
                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000100,00000000,00000000,?), ref: 004FA715
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CriticalSection$EnterLeave$ByteCharMultiWide
                                                    • String ID: FriendlyName
                                                    • API String ID: 904232820-3623505368
                                                    • Opcode ID: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                                    • Instruction ID: 4f25218f4a75fa1caa45750efdb6ff353ea89136e06b91a5ad3ed6f7a0914714
                                                    • Opcode Fuzzy Hash: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                                    • Instruction Fuzzy Hash: 9A212A75244301AFD220EB54DC49F5BB7F8BF88714F008A1DFA899B290D774F8098BA6
                                                    APIs
                                                    • CreateCompatibleDC.GDI32(00000000), ref: 004CADB4
                                                    • CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 004CADC8
                                                    • GetObjectA.GDI32(00000000,00000018,?), ref: 004CADD8
                                                    • DeleteDC.GDI32(00000000), ref: 004CADFF
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: Create$CompatibleDeleteObjectSection
                                                    • String ID:
                                                    • API String ID: 3137390749-0
                                                    • Opcode ID: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                                    • Instruction ID: ec125f8efd539a004f5243cd975522e641b23088832de904e1665531ca55df12
                                                    • Opcode Fuzzy Hash: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                                    • Instruction Fuzzy Hash: 2981AFB56043458FC324CF29D484A67FBF1BF98314F148A6ED58A87712D334E989CBA6
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.1518037946.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_7a0000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: AdjustPointer
                                                    • String ID:
                                                    • API String ID: 1740715915-0
                                                    • Opcode ID: 4af2649a06a45dc76cd1df25169af1e6e16b6486a0d55f5c75e7710ced2ff155
                                                    • Instruction ID: a93507f7373f89f0ff85a9b63645c339ff2de69c3e895bea3d106dbd0d861884
                                                    • Opcode Fuzzy Hash: 4af2649a06a45dc76cd1df25169af1e6e16b6486a0d55f5c75e7710ced2ff155
                                                    • Instruction Fuzzy Hash: 54510072601206EFDB298F14D985FBAB7A4FF54310F24452DEC069B2A1E779EC81DB90
                                                    APIs
                                                    • QueryPerformanceCounter.KERNEL32 ref: 0052AFF0
                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 0052B016
                                                      • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C25F
                                                      • Part of subcall function 0040C250: Sleep.KERNEL32(00000000,?,?,0052B390,?,004012F9,00000008), ref: 0040C272
                                                      • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C279
                                                    • InterlockedExchange.KERNEL32(?,00000000), ref: 0052B050
                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 0052B05B
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CounterExchangeInterlockedPerformanceQuery$Compare$Sleep
                                                    • String ID:
                                                    • API String ID: 188302963-0
                                                    • Opcode ID: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                                    • Instruction ID: 331ae7ec3883c6fb41667714d1c2397b805b788a0704fbfdebc2abdcd4384ec1
                                                    • Opcode Fuzzy Hash: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                                    • Instruction Fuzzy Hash: 19212A75604712ABC318DF65D884A9AF7E8BF89300F040A1DE85993780D734F918CBA2
                                                    APIs
                                                      • Part of subcall function 004E4850: waveInGetNumDevs.WINMM(defaultmicrophone,00000000,?,00000000,?,?,?,?,004E8459,?,?,?,?,?,?,?), ref: 004E489B
                                                      • Part of subcall function 004E4C80: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C7E,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E4C8A
                                                      • Part of subcall function 004E4C80: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E4CD7
                                                      • Part of subcall function 004E3860: EnterCriticalSection.KERNEL32(?,00000000,?,004E5C91,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E3868
                                                      • Part of subcall function 004E3860: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E388F
                                                      • Part of subcall function 004E5B40: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C9B,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?), ref: 004E5B4C
                                                      • Part of subcall function 004E5B40: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5B71
                                                    • EnterCriticalSection.KERNEL32(00000004,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E5CA2
                                                    • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5CB2
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CriticalSection$EnterLeave$Devswave
                                                    • String ID: echosuppression$gain
                                                    • API String ID: 967401230-1829011300
                                                    • Opcode ID: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                                    • Instruction ID: eec625d20ecc8ac728587d7ca18c0fda910ff7f544bd80cb39fcd025b5d808b6
                                                    • Opcode Fuzzy Hash: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                                    • Instruction Fuzzy Hash: 4C118E35700B449BC711EB67C9A1A2BB3B9BF8871AB15049EE5464B741CB24FC02CBA4
                                                    APIs
                                                      • Part of subcall function 0050B060: CreateEventA.KERNEL32(00000000,?,00000000,00000000,00000000,00509F02,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E), ref: 0050B06E
                                                    • InitializeCriticalSection.KERNEL32(0000007C,00000001,00000001,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E,00549D98,?,?), ref: 00509F34
                                                    • InitializeCriticalSection.KERNEL32(00000094,?,?,?,?,?,?,?,?,00153804), ref: 00509F3D
                                                    • InitializeCriticalSection.KERNEL32 ref: 00509F6E
                                                    • SetEvent.KERNEL32 ref: 00509F74
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    Similarity
                                                    • API ID: CriticalInitializeSection$Event$Create
                                                    • String ID:
                                                    • API String ID: 662013055-0
                                                    • Opcode ID: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                                    • Instruction ID: a00b6d7b902e657a52a59b9571d5736a80dfe09fbfe7896e9036a1fe9281f1e6
                                                    • Opcode Fuzzy Hash: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                                    • Instruction Fuzzy Hash: 9B21C4B1540B049FE320DF6AD884A9BFBE8FF94704F00490EE1AA83661D7B1B405CB61
                                                    APIs
                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 007CDEAD
                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 007CDEC6
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000003.1518037946.00000000007A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 007A0000, based on PE: true
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_3_7a0000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: Value___vcrt_
                                                    • String ID:
                                                    • API String ID: 1426506684-0
                                                    • Opcode ID: 5af91477f3fab8113df9f3b3bb695d5f487baed0130933ada832e6682755f51f
                                                    • Instruction ID: 7a2976c3ed494013c0fe826b26b4fe6f248fde75f1add784ab675c13f6859036
                                                    • Opcode Fuzzy Hash: 5af91477f3fab8113df9f3b3bb695d5f487baed0130933ada832e6682755f51f
                                                    • Instruction Fuzzy Hash: 8401D83210A3519EA7343774BC89FA627A8FF557B5B24023EF525491E1EF294C12A250
                                                    APIs
                                                    • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 004D2AB9
                                                    • CreateCompatibleDC.GDI32(00000000), ref: 004D2B3D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.1522676682.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522869260.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522905611.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522905611.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.000000000071B000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.000000000072A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.000000000073E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CompatibleCreateDirectorySystem
                                                    • String ID: Macromed\Flash\
                                                    • API String ID: 2606042488-1438515271
                                                    • Opcode ID: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                                    • Instruction ID: 299e9cb63676f09c6c690dce7675c16131e739682a5e940449f79e26451de6f9
                                                    • Opcode Fuzzy Hash: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                                    • Instruction Fuzzy Hash: 8F118A711047016FC704EF21EC52AAF77E4BF98704F40491EF19943281DB78A908CFAA
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B22,00000001,000000FF), ref: 004F2BFE
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F2C88
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F2CCE
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F2CF1
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.1522676682.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522869260.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522905611.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522905611.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.000000000071B000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.000000000072A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.000000000073E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$Leave$Enter
                                                    • String ID:
                                                    • API String ID: 2978645861-0
                                                    • Opcode ID: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                                    • Instruction ID: d821757bbb06b5f881817bb4be3b83133dcd2ebdcf47b2e92145d0cebd45ebc1
                                                    • Opcode Fuzzy Hash: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                                    • Instruction Fuzzy Hash: D631D2762042854FD3248F29D898A3BBBF5EFD9351F19856EE696C7381C779D808C720
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,004F7247,?), ref: 004F64C1
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F64E6
                                                    • EnterCriticalSection.KERNEL32(?), ref: 004F64EC
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004F6515
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.1522676682.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522869260.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522905611.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522905611.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.000000000071B000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.000000000072A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.000000000073E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$EnterLeave
                                                    • String ID:
                                                    • API String ID: 3168844106-0
                                                    • Opcode ID: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                                    • Instruction ID: c39e4b2d7a975ea5970b06f88a1f0ae82272a8bb6f48ad921d14b69448efe04b
                                                    • Opcode Fuzzy Hash: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                                    • Instruction Fuzzy Hash: FC0188352003485BC714EF24D880A77F3A9AF46258B19559DE5C657342CA39EC06CBA4
                                                    APIs
                                                    • EnterCriticalSection.KERNEL32(?), ref: 0040139D
                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004013B3
                                                    • EnterCriticalSection.KERNEL32(00000005), ref: 004013CA
                                                    • LeaveCriticalSection.KERNEL32(00000005), ref: 004013D8
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.1522707337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                    • Associated: 00000003.00000002.1522676682.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522869260.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522905611.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522905611.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.000000000071B000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.000000000072A000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                                                    • Associated: 00000003.00000002.1522988900.000000000073E000.00000002.00000001.01000000.00000003.sdmp
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_3_2_400000_PCrn0I0aO9.jbxd
                                                    Similarity
                                                    • API ID: CriticalSection$EnterLeave
                                                    • String ID:
                                                    • API String ID: 3168844106-0
                                                    • Opcode ID: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                                    • Instruction ID: 1dc668918495c93d19b35d2f921703afc781594381be1afc9f76799b5a6aac2f
                                                    • Opcode Fuzzy Hash: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                                    • Instruction Fuzzy Hash: 280112B620070AAFC310CF69D884946FBF8FFA8314B10C55AE95983711C771F956CBA0
                                                    APIs
                                                    • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 028A0326
                                                      • Part of subcall function 028A00A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 028A00CD
                                                      • Part of subcall function 028A00A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 028A0279
                                                    • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 028A0378
                                                    • VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 028A03E7
                                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 028A0407
                                                    • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 028A042E
                                                    • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 028A0456
                                                    • CloseHandle.KERNELBASE(?), ref: 028A0471
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000003.1518487692.00000000028A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_3_28a0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
                                                    • String ID: ,
                                                    • API String ID: 3867569247-3772416878
                                                    • Opcode ID: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                    • Instruction ID: 61fda89e139b816e9c1f457d2604ef334fcce5504ea57055fb30a00c1dd897bc
                                                    • Opcode Fuzzy Hash: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                    • Instruction Fuzzy Hash: 9461FAB9900209EFDB20DFA9C884A9EBBB9FF08354F14C51AE959E7240D774A941CF60
                                                    APIs
                                                    • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 028A00CD
                                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 028A0279
                                                    Memory Dump Source
                                                    • Source File: 00000004.00000003.1518487692.00000000028A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 028A0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_4_3_28a0000_svchost.jbxd
                                                    Similarity
                                                    • API ID: Virtual$AllocFree
                                                    • String ID:
                                                    • API String ID: 2087232378-0
                                                    • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                    • Instruction ID: a2b67ac9ad964c700e96d51342848ece9bfaf27c31d02d9e6550f1db77190d34
                                                    • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                    • Instruction Fuzzy Hash: F1718A79E04249DFEB42CF98C891BEDBBF0EB09319F244095E465FB241C734AA91CB65

                                                    Execution Graph

                                                    Execution Coverage:33.4%
                                                    Dynamic/Decrypted Code Coverage:100%
                                                    Signature Coverage:83.3%
                                                    Total number of Nodes:24
                                                    Total number of Limit Nodes:0
                                                    execution_graph 415 256917e1cf4 417 256917e1d19 415->417 416 256917e1fa1 417->416 426 256917e15c0 417->426 419 256917e1f98 CloseHandle 419->416 420 256917e1f88 NtAcceptConnectPort 420->419 421 256917e1e3a 421->419 421->420 423 256917e1ecd 421->423 429 256917e0ac8 421->429 423->423 435 256917e1aa4 NtAcceptConnectPort 423->435 428 256917e15f4 NtAcceptConnectPort 426->428 428->421 430 256917e0c62 429->430 431 256917e0ae8 429->431 430->423 431->430 431->431 432 256917e0be8 NtAcceptConnectPort 431->432 432->430 433 256917e0c1b 432->433 433->430 434 256917e0c33 NtAcceptConnectPort 433->434 434->430 436 256917e1af7 435->436 437 256917e1c04 435->437 441 256917e1870 436->441 437->420 439 256917e1b10 440 256917e1bb6 NtAcceptConnectPort 439->440 440->437 442 256917e1889 441->442 443 256917e1930 GetProcessMitigationPolicy 442->443 444 256917e1949 442->444 443->444 444->439

                                                    Callgraph

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000008.00000002.1736925633.00000256917E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000256917E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_8_2_256917e0000_fontdrvhost.jbxd
                                                    Similarity
                                                    • API ID: AcceptCloseConnectHandlePort
                                                    • String ID:
                                                    • API String ID: 3811980168-0
                                                    • Opcode ID: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                    • Instruction ID: aa53ab81c8e19c447d7722353c417a5a6c389c1852f3db9373ca0e72f2adce1d
                                                    • Opcode Fuzzy Hash: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                    • Instruction Fuzzy Hash: 81911A34508E098FD764EF1CC84ABF573E1FB98311F64465ED48BCB2A6DA34A9828785

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000008.00000002.1736925633.00000256917E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000256917E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_8_2_256917e0000_fontdrvhost.jbxd
                                                    Similarity
                                                    • API ID: AcceptConnectPort
                                                    • String ID:
                                                    • API String ID: 1658770261-0
                                                    • Opcode ID: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
                                                    • Instruction ID: 1851104cca0d8561c3b07510ecf4cc46a9e8739d51ec8861f5fe74c7b4850fcd
                                                    • Opcode Fuzzy Hash: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
                                                    • Instruction Fuzzy Hash: 30514938618E560AE72CA6389C9D6B9B7D0F781306F74059ED0F3CA1B3E934C6478786

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000008.00000002.1736925633.00000256917E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000256917E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_8_2_256917e0000_fontdrvhost.jbxd
                                                    Similarity
                                                    • API ID: AcceptConnectPort$MitigationPolicyProcess
                                                    • String ID:
                                                    • API String ID: 2923266908-0
                                                    • Opcode ID: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
                                                    • Instruction ID: 9b4066cc503f026c67280347526f38c4c2dafdd18d972c991081dcb394b63e88
                                                    • Opcode Fuzzy Hash: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
                                                    • Instruction Fuzzy Hash: 8D410330208F498FDB44DF2C8C897A57BD0EB55320F14439EE85ACB2D7DA34C9458795

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 118 256917e15c0-256917e15f2 119 256917e15f4-256917e15f7 118->119 120 256917e15f9-256917e15fb 118->120 121 256917e161f-256917e166d NtAcceptConnectPort 119->121 122 256917e15fd-256917e1609 120->122 123 256917e160b-256917e160d 120->123 122->121 124 256917e160f-256917e161b 123->124 125 256917e161d 123->125 124->121 125->121
                                                    APIs
                                                    • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,00000256917E1E3A), ref: 00000256917E1654
                                                    Memory Dump Source
                                                    • Source File: 00000008.00000002.1736925633.00000256917E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000256917E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_8_2_256917e0000_fontdrvhost.jbxd
                                                    Similarity
                                                    • API ID: AcceptConnectPort
                                                    • String ID:
                                                    • API String ID: 1658770261-0
                                                    • Opcode ID: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                    • Instruction ID: 271f8563485f465ef086776edc2ec2f7771a0c753cdcd21b9c0a2f648654e029
                                                    • Opcode Fuzzy Hash: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                    • Instruction Fuzzy Hash: 16216671608B058FDB54DF18C4CE6A5B7E1FB68305F540A6EE44AC7260DB31D585CB45

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 95 256917e1870-256917e18a0 call 256917e08a4 * 2 100 256917e1954-256917e195b 95->100 101 256917e18a6-256917e18a9 95->101 101->100 102 256917e18af-256917e18b9 101->102 102->100 103 256917e18bf-256917e18c4 102->103 103->100 104 256917e18ca-256917e18d7 103->104 104->100 105 256917e18d9-256917e18e1 104->105 105->100 106 256917e18e3-256917e18ee 105->106 106->100 107 256917e18f0-256917e18f7 106->107 107->100 108 256917e18f9-256917e18fc 107->108 108->100 109 256917e18fe-256917e1906 108->109 109->100 110 256917e1908-256917e190b 109->110 110->100 111 256917e190d-256917e1916 110->111 111->100 112 256917e1918-256917e191c 111->112 112->100 113 256917e191e-256917e192e 112->113 113->100 115 256917e1930-256917e1947 GetProcessMitigationPolicy 113->115 115->100 116 256917e1949-256917e194e 115->116 116->100 117 256917e1950-256917e1951 116->117 117->100
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000008.00000002.1736925633.00000256917E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000256917E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_8_2_256917e0000_fontdrvhost.jbxd
                                                    Similarity
                                                    • API ID: MitigationPolicyProcess
                                                    • String ID:
                                                    • API String ID: 1088084561-0
                                                    • Opcode ID: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                    • Instruction ID: 3b1db35930d990ac6c1be4a627fce5214725d1bd40f2cefa28f56c5e4238c0f9
                                                    • Opcode Fuzzy Hash: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                    • Instruction Fuzzy Hash: 5531B634200E474AFBA597688CAD7F172D0EB94312FA411B9C017DB1E1EB75CB49C768
                                                    Memory Dump Source
                                                    • Source File: 00000008.00000002.1736925633.00000256917E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000256917E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_8_2_256917e0000_fontdrvhost.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                    • Instruction ID: 1684949b0e2b346c4f6e13502068689c61c9b2d028cdf62c4328b71d82623ec0
                                                    • Opcode Fuzzy Hash: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                    • Instruction Fuzzy Hash: CFB01130E2AA00C2E3880E0AB8023A0F2B2C30B300F02B2322002F3220CA28CC08028F