Windows Analysis Report
1CSDmJh1zN.exe

Overview

General Information

Sample name:1CSDmJh1zN.exe
renamed because original name is a hash value
Original sample name:0b393e441f2d3bc70648fe9955d5bb89f79b1d0f3d76e8e054347333324898ee.exe
Analysis ID:1568506
MD5:9921eaf4b2c06a77de92d1f439922c77
SHA1:059450429f11411c3dbb6686ee7adcc877db08c9
SHA256:0b393e441f2d3bc70648fe9955d5bb89f79b1d0f3d76e8e054347333324898ee
Tags:Compilazioneprotetticopyrightexeuser-JAMESWT_MHT
Infos:

Detection

RHADAMANTHYS
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected RHADAMANTHYS Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops large PE files
Injects a PE file into a foreign processes
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
One or more processes crash
PE file contains an invalid checksum
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • 1CSDmJh1zN.exe (PID: 7716 cmdline: "C:\Users\user\Desktop\1CSDmJh1zN.exe" MD5: 9921EAF4B2C06A77DE92D1F439922C77)
    • 1CSDmJh1zN.exe (PID: 8024 cmdline: "C:\Users\user\Desktop\1CSDmJh1zN.exe" MD5: 9921EAF4B2C06A77DE92D1F439922C77)
      • svchost.exe (PID: 8052 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
        • fontdrvhost.exe (PID: 2980 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
          • WerFault.exe (PID: 6932 cmdline: C:\Windows\system32\WerFault.exe -u -p 2980 -s 4 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
      • WerFault.exe (PID: 8124 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 436 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Rhadamanthys
Description: According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies, it is designed to extract data from infected machines. At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
Attribution: Sandworm
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys
{"C2 url": "https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pw"}
Source | Rule | Description | Author | Strings
00000003.00000003.1525258981.0000000000A20000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |
00000004.00000003.1529007847.00000000009C0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |
00000004.00000002.1627090269.0000000003080000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |
00000003.00000003.1528260985.00000000030F0000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
00000003.00000003.1528086431.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
Source | Rule | Description | Author | Strings
4.3.svchost.exe.4f80000.6.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
3.3.1CSDmJh1zN.exe.2ed0000.6.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
3.3.1CSDmJh1zN.exe.30f0000.7.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
4.3.svchost.exe.51a0000.7.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |

                    System Summary

                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\1CSDmJh1zN.exe, ProcessId: 7716, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DiskTuner
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\1CSDmJh1zN.exe", ParentImage: C:\Users\user\Desktop\1CSDmJh1zN.exe, ParentProcessId: 8024, ParentProcessName: 1CSDmJh1zN.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 8052, ProcessName: svchost.exe
                    Source: Process startedAuthor: vburov: Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\1CSDmJh1zN.exe", ParentImage: C:\Users\user\Desktop\1CSDmJh1zN.exe, ParentProcessId: 8024, ParentProcessName: 1CSDmJh1zN.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 8052, ProcessName: svchost.exe
                    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                    2024-12-04T17:24:42.492570+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 104.37.175.221 | 7575 | 192.168.2.7 | 49744 | TCP

                    AV Detection

                    Source: 0.2.1CSDmJh1zN.exe.23f0000.2.unpack | Malware Configuration Extractor: Rhadamanthys {"C2 url": "https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pw"}
                    Source: 1CSDmJh1zN.exe | ReversingLabs: Detection: 26%
                    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.6% probability
                    Source: 1CSDmJh1zN.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                    Source: Binary string: wkernel32.pdb source: 1CSDmJh1zN.exe, 00000003.00000003.1527867090.0000000002FF0000.00000004.00000001.00020000.00000000.sdmp, 1CSDmJh1zN.exe, 00000003.00000003.1527736399.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1533210388.0000000004F80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1534648214.00000000050A0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernelbase.pdb source: 1CSDmJh1zN.exe, 00000003.00000003.1528260985.00000000030F0000.00000004.00000001.00020000.00000000.sdmp, 1CSDmJh1zN.exe, 00000003.00000003.1528086431.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1540087653.0000000004F80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1540457438.00000000051A0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: ntdll.pdb source: 1CSDmJh1zN.exe, 00000003.00000003.1526757588.00000000030C0000.00000004.00000001.00020000.00000000.sdmp, 1CSDmJh1zN.exe, 00000003.00000003.1526540708.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1531128806.0000000005170000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1530805428.0000000004F80000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdbUGP source: 1CSDmJh1zN.exe, 00000003.00000003.1527459979.0000000003070000.00000004.00000001.00020000.00000000.sdmp, 1CSDmJh1zN.exe, 00000003.00000003.1527230385.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1531976697.0000000005120000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1531431887.0000000004F80000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: ntdll.pdbUGP source: 1CSDmJh1zN.exe, 00000003.00000003.1526757588.00000000030C0000.00000004.00000001.00020000.00000000.sdmp, 1CSDmJh1zN.exe, 00000003.00000003.1526540708.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1531128806.0000000005170000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1530805428.0000000004F80000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdb source: 1CSDmJh1zN.exe, 00000003.00000003.1527459979.0000000003070000.00000004.00000001.00020000.00000000.sdmp, 1CSDmJh1zN.exe, 00000003.00000003.1527230385.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1531976697.0000000005120000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1531431887.0000000004F80000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernelbase.pdbUGP source: 1CSDmJh1zN.exe, 00000003.00000003.1528260985.00000000030F0000.00000004.00000001.00020000.00000000.sdmp, 1CSDmJh1zN.exe, 00000003.00000003.1528086431.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1540087653.0000000004F80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1540457438.00000000051A0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernel32.pdbUGP source: 1CSDmJh1zN.exe, 00000003.00000003.1527867090.0000000002FF0000.00000004.00000001.00020000.00000000.sdmp, 1CSDmJh1zN.exe, 00000003.00000003.1527736399.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1533210388.0000000004F80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1534648214.00000000050A0000.00000004.00000001.00020000.00000000.sdmp
                    Source: C:\Windows\System32\fontdrvhost.exeCode function: 4x nop then dec esp8_2_000002B0B1870511

                    Networking

                    Source: Network traffic | Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 104.37.175.221:7575 -> 192.168.2.7:49744
                    Source: C:\Windows\SysWOW64\svchost.exe | Network Connect: 104.37.175.221 7575
                    Source: Malware configuration extractor | URLs: https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pw
                    Source: global traffic | TCP traffic: 192.168.2.7:49744 -> 104.37.175.221:7575
                    Source: Joe Sandbox View | ASN Name: MAJESTIC-HOSTING-01US MAJESTIC-HOSTING-01US
                    Source: unknown | TCP traffic detected without corresponding DNS query: 104.37.175.221
                    Source: 1CSDmJh1zN.exe, DiskTuner.exe.0.drString found in binary or memory: http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch
                    Source: 1CSDmJh1zN.exe, DiskTuner.exe.0.drString found in binary or memory: http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSec
                    Source: 1CSDmJh1zN.exe, DiskTuner.exe.0.drString found in binary or memory: http://www.macromedia.com
                    Source: 1CSDmJh1zN.exe, DiskTuner.exe.0.drString found in binary or memory: http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&amp
                    Source: svchost.exe, 00000004.00000002.1626909503.0000000002F0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1626909503.0000000002F00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1626476221.00000000007CC000.00000004.00000010.00020000.00000000.sdmp, fontdrvhost.exe, fontdrvhost.exe, 00000008.00000002.1900349296.000002B0B1870000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pw
                    Source: svchost.exe, 00000004.00000002.1626909503.0000000002F0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1626909503.0000000002F00000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000008.00000002.1900349296.000002B0B1870000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pwkernelbasentdllkernel32GetProcessMitig
                    Source: svchost.exe, 00000004.00000002.1626476221.00000000007CC000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pwx
                    Source: svchost.exe, 00000004.00000003.1558958510.0000000002FA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-query
                    Source: svchost.exe, 00000004.00000003.1558958510.0000000002FA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi
                    Source: 1CSDmJh1zN.exe, DiskTuner.exe.0.drString found in binary or memory: https://www.macromedia.com/bin/flashdownload.cgi
                    Source: 1CSDmJh1zN.exe, DiskTuner.exe.0.drString found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 0_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,0_2_004D9AB0
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,3_2_004D9AB0
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 0_2_004D9C20 OpenClipboard,GetClipboardData,GetClipboardData,GetClipboardData,GetClipboardData,CloseClipboard,0_2_004D9C20
                    Source: 1CSDmJh1zN.exe, 00000003.00000003.1528260985.00000000030F0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_f9a411a6-d
                    Source: 1CSDmJh1zN.exe, 00000003.00000003.1528260985.00000000030F0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_9cb8a0a8-1
                    Source: Yara matchFile source: 4.3.svchost.exe.4f80000.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 3.3.1CSDmJh1zN.exe.2ed0000.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 3.3.1CSDmJh1zN.exe.30f0000.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 4.3.svchost.exe.51a0000.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000003.00000003.1528260985.00000000030F0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000003.00000003.1528086431.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000003.1540457438.00000000051A0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000003.1540087653.0000000004F80000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: 1CSDmJh1zN.exe PID: 8024, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 8052, type: MEMORYSTR

                    System Summary

                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exe | File dump: DiskTuner.exe.0.dr 979567349
                    Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_000002B0B1871CF4 NtAcceptConnectPort,CloseHandle,8_2_000002B0B1871CF4
                    Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_000002B0B18715C0 NtAcceptConnectPort,8_2_000002B0B18715C0
                    Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_000002B0B1870AC8 NtAcceptConnectPort,NtAcceptConnectPort,8_2_000002B0B1870AC8
                    Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_000002B0B1871AA4 NtAcceptConnectPort,NtAcceptConnectPort,8_2_000002B0B1871AA4
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: String function: 00435140 appears 66 times
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: String function: 004C9120 appears 58 times
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: String function: 0079CD90 appears 33 times
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: String function: 00435350 appears 68 times
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 436
                    Source: 1CSDmJh1zN.exeBinary or memory string: OriginalFilename vs 1CSDmJh1zN.exe
                    Source: 1CSDmJh1zN.exe, 00000000.00000000.1336155924.0000000000628000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs 1CSDmJh1zN.exe
                    Source: 1CSDmJh1zN.exe, 00000000.00000002.1556433689.00000000026B2000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs 1CSDmJh1zN.exe
                    Source: 1CSDmJh1zN.exe, 00000000.00000002.1556278876.0000000002439000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs 1CSDmJh1zN.exe
                    Source: 1CSDmJh1zN.exe, 00000000.00000002.1555764346.0000000000674000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs 1CSDmJh1zN.exe
                    Source: 1CSDmJh1zN.exe, 00000000.00000002.1555764346.0000000000674000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs 1CSDmJh1zN.exe
                    Source: 1CSDmJh1zN.exe, 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs 1CSDmJh1zN.exe
                    Source: 1CSDmJh1zN.exe, 00000003.00000003.1528260985.00000000032D1000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKernelbase.dllj% vs 1CSDmJh1zN.exe
                    Source: 1CSDmJh1zN.exe, 00000003.00000003.1527867090.0000000003040000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs 1CSDmJh1zN.exe
                    Source: 1CSDmJh1zN.exe, 00000003.00000003.1527867090.0000000002FF0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs 1CSDmJh1zN.exe
                    Source: 1CSDmJh1zN.exe, 00000003.00000003.1527459979.000000000319D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 1CSDmJh1zN.exe
                    Source: 1CSDmJh1zN.exe, 00000003.00000003.1527736399.0000000002ED0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs 1CSDmJh1zN.exe
                    Source: 1CSDmJh1zN.exe, 00000003.00000003.1528953144.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs 1CSDmJh1zN.exe
                    Source: 1CSDmJh1zN.exe, 00000003.00000003.1528086431.0000000002ED0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKernelbase.dllj% vs 1CSDmJh1zN.exe
                    Source: 1CSDmJh1zN.exe, 00000003.00000003.1527230385.0000000002FF3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 1CSDmJh1zN.exe
                    Source: 1CSDmJh1zN.exe, 00000003.00000003.1527736399.0000000002F62000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs 1CSDmJh1zN.exe
                    Source: 1CSDmJh1zN.exe, 00000003.00000003.1526757588.0000000003246000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 1CSDmJh1zN.exe
                    Source: 1CSDmJh1zN.exe, 00000003.00000003.1525516421.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs 1CSDmJh1zN.exe
                    Source: 1CSDmJh1zN.exe, 00000003.00000003.1526540708.0000000003048000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 1CSDmJh1zN.exe
                    Source: 1CSDmJh1zN.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                    Source: classification engineClassification label: mal100.troj.evad.winEXE@9/6@0/1
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 0_2_004F9340 CoCreateInstance,0_2_004F9340
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeFile created: C:\Users\user\Videos\DiskTunerJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-195888c1-7ce7-75016d-42dd42d214e3}
                    Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2980
                    Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\268b5719-c00d-4fa2-aaea-b828ac48b606Jump to behavior
                    Source: 1CSDmJh1zN.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: 1CSDmJh1zN.exeReversingLabs: Detection: 26%
                    Source: 1CSDmJh1zN.exeString found in binary or memory: ms-help:
                    Source: 1CSDmJh1zN.exeString found in binary or memory: B_flashuseCodepageStandAloneWIN 8,0,22,0A=%b&SA=%b&SV=%b&EV=%b&MP3=%b&AE=%b&VE=%b&ACC=%b&PR=%b&SP=%b&SB=%b&DEB=%b&V=%s%s&PT=%s&AVD=%b&LFD=%b&WD=%b%20http://%s/scriptms-help:mk:ms-itss:ms-its:its:vshelp:local:shell:
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeFile read: C:\Users\user\Desktop\1CSDmJh1zN.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\1CSDmJh1zN.exe "C:\Users\user\Desktop\1CSDmJh1zN.exe"
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeProcess created: C:\Users\user\Desktop\1CSDmJh1zN.exe "C:\Users\user\Desktop\1CSDmJh1zN.exe"
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 436
                    Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                    Source: C:\Windows\System32\fontdrvhost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 2980 -s 4
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeProcess created: C:\Users\user\Desktop\1CSDmJh1zN.exe "C:\Users\user\Desktop\1CSDmJh1zN.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeSection loaded: wsock32.dllJump to behavior
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeSection loaded: k7rn7l32.dllJump to behavior
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeSection loaded: ntd3ll.dllJump to behavior
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: powrprof.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: umpdc.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32Jump to behavior
                    Source: 1CSDmJh1zN.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                    Source: 1CSDmJh1zN.exeStatic file information: File size 2764800 > 1048576
                    Source: 1CSDmJh1zN.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x13c000
                    Source: 1CSDmJh1zN.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x140000
                    Source: Binary string: wkernel32.pdb source: 1CSDmJh1zN.exe, 00000003.00000003.1527867090.0000000002FF0000.00000004.00000001.00020000.00000000.sdmp, 1CSDmJh1zN.exe, 00000003.00000003.1527736399.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1533210388.0000000004F80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1534648214.00000000050A0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernelbase.pdb source: 1CSDmJh1zN.exe, 00000003.00000003.1528260985.00000000030F0000.00000004.00000001.00020000.00000000.sdmp, 1CSDmJh1zN.exe, 00000003.00000003.1528086431.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1540087653.0000000004F80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1540457438.00000000051A0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: ntdll.pdb source: 1CSDmJh1zN.exe, 00000003.00000003.1526757588.00000000030C0000.00000004.00000001.00020000.00000000.sdmp, 1CSDmJh1zN.exe, 00000003.00000003.1526540708.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1531128806.0000000005170000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1530805428.0000000004F80000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdbUGP source: 1CSDmJh1zN.exe, 00000003.00000003.1527459979.0000000003070000.00000004.00000001.00020000.00000000.sdmp, 1CSDmJh1zN.exe, 00000003.00000003.1527230385.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1531976697.0000000005120000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1531431887.0000000004F80000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: ntdll.pdbUGP source: 1CSDmJh1zN.exe, 00000003.00000003.1526757588.00000000030C0000.00000004.00000001.00020000.00000000.sdmp, 1CSDmJh1zN.exe, 00000003.00000003.1526540708.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1531128806.0000000005170000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1530805428.0000000004F80000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdb source: 1CSDmJh1zN.exe, 00000003.00000003.1527459979.0000000003070000.00000004.00000001.00020000.00000000.sdmp, 1CSDmJh1zN.exe, 00000003.00000003.1527230385.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1531976697.0000000005120000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1531431887.0000000004F80000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernelbase.pdbUGP source: 1CSDmJh1zN.exe, 00000003.00000003.1528260985.00000000030F0000.00000004.00000001.00020000.00000000.sdmp, 1CSDmJh1zN.exe, 00000003.00000003.1528086431.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1540087653.0000000004F80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1540457438.00000000051A0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernel32.pdbUGP source: 1CSDmJh1zN.exe, 00000003.00000003.1527867090.0000000002FF0000.00000004.00000001.00020000.00000000.sdmp, 1CSDmJh1zN.exe, 00000003.00000003.1527736399.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1533210388.0000000004F80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1534648214.00000000050A0000.00000004.00000001.00020000.00000000.sdmp
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 0_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004D7960
                    Source: 1CSDmJh1zN.exeStatic PE information: real checksum: 0x241059 should be: 0x2a9c38
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 0_2_004CA770 push eax; ret 0_2_004CA784
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 0_2_004CA770 push eax; ret 0_2_004CA7AC
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_3_007AB86D push ebx; ret 3_3_007AB864
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_3_007AA840 push ebp; retf 3_3_007AA841
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_3_007AE83C pushad ; ret 3_3_007AE841
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_3_007AE80E push eax; iretd 3_3_007AE81D
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_3_007AA0F9 push FFFFFF82h; iretd 3_3_007AA0FB
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_3_007AD8A0 push 0000002Eh; iretd 3_3_007AD8A2
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_3_007A8904 push ecx; ret 3_3_007A8917
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_3_007AB1DD push eax; ret 3_3_007AB1DF
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_3_007AE586 pushad ; retf 3_3_007AE599
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_3_007A9F6A push eax; ret 3_3_007A9F75
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_3_007AB70B push ebx; ret 3_3_007AB864
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_2_004381E0 push ecx; retf 3_2_004382AC
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_2_004381A0 push ecx; retf 3_2_004382AC
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_2_004CA770 push eax; ret 3_2_004CA784
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_2_004CA770 push eax; ret 3_2_004CA7AC
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_2_00434C60 push edi; retf 3_2_00434D5F
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_2_00434CF0 push edi; retf 3_2_00434D5F
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_2_00434C90 push edi; retf 3_2_00434D5F
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_2_00434CB0 push edi; retf 3_2_00434D5F
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_2_00447D60 push ecx; retf 3_2_00447E0D
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_2_00436DB0 push ecx; retf 3_2_00436EEF
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_0080588E push eax; iretd 4_3_0080589D
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_008058BC pushad ; ret 4_3_008058C1
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_008018C0 push ebp; retf 4_3_008018C1
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_008028ED push ebx; ret 4_3_008028E4
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_00805606 pushad ; retf 4_3_00805619
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_00806012 push 00000038h; iretd 4_3_0080601D
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_0080225D push eax; ret 4_3_0080225F
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_0080278B push ebx; ret 4_3_008028E4
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeFile created: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exeJump to dropped file
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiskTunerJump to behavior

                    Hooking and other Techniques for Hiding and Protection

                    Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (31).png
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 0_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004D7960
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeAPI/Special instruction interceptor: Address: 7FFB2CECD044
                    Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFB2CECD044
                    Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 54DB83A
                    Source: 1CSDmJh1zN.exe, 00000000.00000002.1556278876.0000000002439000.00000040.00001000.00020000.00000000.sdmp, 1CSDmJh1zN.exe, 00000000.00000002.1555764346.0000000000674000.00000040.00000001.01000000.00000003.sdmp, 1CSDmJh1zN.exe, 00000003.00000003.1528953144.00000000007B9000.00000040.00000400.00020000.00000000.sdmp, 1CSDmJh1zN.exe, 00000003.00000003.1525516421.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
                    Source: 1CSDmJh1zN.exeBinary or memory string: CFF EXPLORER.EXE
                    Source: 1CSDmJh1zN.exe, 00000000.00000002.1556278876.0000000002439000.00000040.00001000.00020000.00000000.sdmp, 1CSDmJh1zN.exe, 00000000.00000002.1555764346.0000000000674000.00000040.00000001.01000000.00000003.sdmp, 1CSDmJh1zN.exe, 00000003.00000003.1528953144.00000000007B9000.00000040.00000400.00020000.00000000.sdmp, 1CSDmJh1zN.exe, 00000003.00000003.1525516421.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: INTERNALNAMECFF EXPLORER.EXE
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeDropped PE file which has not been started: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exeJump to dropped file
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeAPI coverage: 0.4 %
                    Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                    Source: svchost.exe, 00000004.00000002.1626789370.0000000002E12000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-USen-GBn
                    Source: svchost.exe, 00000004.00000003.1540457438.00000000051A0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                    Source: svchost.exe, 00000004.00000002.1626763003.0000000002E00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: svchost.exe, 00000004.00000002.1626824106.0000000002E54000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
                    Source: svchost.exe, 00000004.00000003.1540457438.00000000051A0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_3_007A9098 VirtualAlloc,LdrInitializeThunk,VirtualFree,3_3_007A9098
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 0_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004D7960
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 3_3_007A9277 mov eax, dword ptr fs:[00000030h]3_3_007A9277
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_00800283 mov eax, dword ptr fs:[00000030h]4_3_00800283
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeCode function: 0_2_0052B440 GetProcessHeap,HeapAlloc,0_2_0052B440
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exeProcess created: C:\Users\user\Desktop\1CSDmJh1zN.exe "C:\Users\user\Desktop\1CSDmJh1zN.exe"Jump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Windows\SysWOW64\svchost.exe; Network Connect: 104.37.175.221 7575
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exe; Memory written: C:\Users\user\Desktop\1CSDmJh1zN.exe base: 770000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exe; Process created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                    Source: C:\Windows\SysWOW64\svchost.exe; Process created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exe; Code function: 3_3_0079CDD5 cpuid
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exe; Code function: GetCurrentThreadId,GetKeyboardLayout,GetLocaleInfoA,0_2_004C9670
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exe; Code function: GetCurrentThreadId,GetKeyboardLayout,GetLocaleInfoA,3_2_004C9670
                    Source: C:\Windows\SysWOW64\svchost.exe; Queries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exe; Code function: 0_2_004CE5B0 GetSystemTime,GetTimeZoneInformation
                    Source: C:\Users\user\Desktop\1CSDmJh1zN.exe; Code function: 0_2_004CB0E0 GetVersionExA
                    Source: C:\Windows\SysWOW64\svchost.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match; File source: 00000003.00000003.1525258981.0000000000A20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000004.00000003.1529007847.00000000009C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000004.00000002.1627090269.0000000003080000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000003.00000002.1541082442.0000000000BB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                    Remote Access Functionality

                    Source: Yara match; File source: 00000003.00000003.1525258981.0000000000A20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000004.00000003.1529007847.00000000009C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000004.00000002.1627090269.0000000003080000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000003.00000002.1541082442.0000000000BB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 211 Process Injection | 11 Masquerading | 21 Input Capture | 2 System Time Discovery | Remote Services | 21 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 1 Virtualization/Sandbox Evasion | LSASS Memory | 221 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | 1 Native API | Logon Script (Windows) | 1 DLL Side-Loading | 1 Disable or Modify Tools | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 3 Clipboard Data | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 211 Process Injection | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 135 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery

                    Source | Detection | Scanner | Label | Link
                    1CSDmJh1zN.exe | 26% | ReversingLabs | |
                    No Antivirus matches
                    No Antivirus matches
                    No Antivirus matches
                    Source | Detection | Scanner | Label | Link
                    https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pw | 0% | Avira URL Cloud | safe |
                    https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pwkernelbasentdllkernel32GetProcessMitig | 0% | Avira URL Cloud | safe |
                    https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pwx | 0% | Avira URL Cloud | safe |
                    No contacted domains info
                    Name | Malicious | Antivirus Detection | Reputation
                    https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pw | true | Avira URL Cloud: safe | unknown
                    Name | Source | Malicious | Antivirus Detection | Reputation
                    https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pwkernelbasentdllkernel32GetProcessMitig | svchost.exe, 00000004.00000002.1626909503.0000000002F0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1626909503.0000000002F00000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000008.00000002.1900349296.000002B0B1870000.00000040.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    https://cloudflare-dns.com/dns-query | svchost.exe, 00000004.00000003.1558958510.0000000002FA0000.00000004.00000020.00020000.00000000.sdmp | false | | high
                    http://www.macromedia.com | 1CSDmJh1zN.exe, DiskTuner.exe.0.dr | false | | high
                    https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi | svchost.exe, 00000004.00000003.1558958510.0000000002FA0000.00000004.00000020.00020000.00000000.sdmp | false | | high
                    https://104.37.175.221:7575/1b422f87470a4ca5005/murvffju.id6pwx | svchost.exe, 00000004.00000002.1626476221.00000000007CC000.00000004.00000010.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch | 1CSDmJh1zN.exe, DiskTuner.exe.0.dr | false | | high
                    http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSec | 1CSDmJh1zN.exe, DiskTuner.exe.0.dr | false | | high
                    http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&amp | 1CSDmJh1zN.exe, DiskTuner.exe.0.dr | false | | high
                    https://www.macromedia.com/bin/flashdownload.cgi | 1CSDmJh1zN.exe, DiskTuner.exe.0.dr | false | | high
                    https://www.macromedia.com/support/flashplayer/sys/ | 1CSDmJh1zN.exe, DiskTuner.exe.0.dr | false | | high
                    IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                    104.37.175.221 | unknown | United States | | 396073 | MAJESTIC-HOSTING-01US | true
                                    Joe Sandbox version:41.0.0 Charoite
                                    Analysis ID:1568506
                                    Start date and time:2024-12-04 17:23:12 +01:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 8m 17s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:15
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample name:1CSDmJh1zN.exe
                                    renamed because original name is a hash value
                                    Original Sample Name:0b393e441f2d3bc70648fe9955d5bb89f79b1d0f3d76e8e054347333324898ee.exe
                                    Detection:MAL
                                    Classification:mal100.troj.evad.winEXE@9/6@0/1
                                    EGA Information:
                                    • Successful, ratio: 50%
                                    HCA Information:Failed
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe
                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                    • Excluded IPs from analysis (whitelisted): 20.189.173.20
                                    • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                    • Execution Graph export aborted for target 1CSDmJh1zN.exe, PID 8024 because there are no executed function
                                    • Execution Graph export aborted for target svchost.exe, PID 8052 because there are no executed function
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • VT rate limit hit for: 1CSDmJh1zN.exe
                                    Time | Type | Description
                                    11:25:14 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                                    17:24:44 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run DiskTuner C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe
                                    17:24:53 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run DiskTuner C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe
                                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                    104.37.175.221 | m58muJVjMg.exe | malicious | RHADAMANTHYS |
                                    104.37.175.221 | aHoqCI0AZq.exe | malicious | RHADAMANTHYS |
                                    104.37.175.221 | LJqzegzQl0.exe | malicious | RHADAMANTHYS |
                                    104.37.175.221 | wg7SDQAffQ.exe | malicious | RHADAMANTHYS |
                                            No context
                                            Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                            MAJESTIC-HOSTING-01US | m58muJVjMg.exe | malicious | RHADAMANTHYS | 104.37.175.221
                                            MAJESTIC-HOSTING-01US | PCrn0I0aO9.exe | malicious | RHADAMANTHYS | 104.37.175.232
                                            MAJESTIC-HOSTING-01US | aHoqCI0AZq.exe | malicious | RHADAMANTHYS | 104.37.175.221
                                            MAJESTIC-HOSTING-01US | LJqzegzQl0.exe | malicious | RHADAMANTHYS | 104.37.175.221
                                            MAJESTIC-HOSTING-01US | ZtnN5sSpDk.exe | malicious | RHADAMANTHYS | 104.37.175.232
                                            MAJESTIC-HOSTING-01US | wg7SDQAffQ.exe | malicious | RHADAMANTHYS | 104.37.175.221
                                            MAJESTIC-HOSTING-01US | Readme.lnk.download.lnk | malicious | RHADAMANTHYS | 104.37.175.232
                                            MAJESTIC-HOSTING-01US | 098aPtSbmd.bat | malicious | RHADAMANTHYS | 104.37.175.232
                                            MAJESTIC-HOSTING-01US | loader.ps1.bat | malicious | RHADAMANTHYS | 104.37.175.232
                                            MAJESTIC-HOSTING-01US | readme.exe | malicious | RHADAMANTHYS | 104.37.175.232
                                            No context
                                            No context
                                            Process:C:\Windows\System32\WerFault.exe
                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):65536
                                            Entropy (8bit):0.6603359791113059
                                            Encrypted:false
                                            SSDEEP:96:0DFOC3e8qigKJ6ss3Wrk41yHpHS2QXIDcQkc6tcEycw3ZUtzJzQ+HbHgrZ2ZAX/E:+wSbHn6sxR0apYKjqzuiFxZ24lO8JO
                                            MD5:6F5107110A3A0FACC374F86ACB8F533A
                                            SHA1:687832122F4F877C283EE79F9409D82501687DF2
                                            SHA-256:D9C4CA44A5E0B777DD8A50A7C4953DA0A863D22B6C10AE6115AC68D8087C3E8F
                                            SHA-512:D5C78A19CC26455F43BB10C451AF9750170CDDCBFA0B9D28855305494F7A5B1DE0DC21A75C0836FBB3E45B2886D875F97637AAD94FD92412219C69A6F215399B
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Windows\System32\WerFault.exe
                                            File Type:Mini DuMP crash report, 14 streams, Wed Dec 4 16:24:50 2024, 0x1205a4 type
                                            Category:dropped
                                            Size (bytes):47630
                                            Entropy (8bit):1.2764682877207838
                                            Encrypted:false
                                            SSDEEP:96:5q8SFk7mR77Syxu7i7oqEqBqTuOt9EXV94NUsujjCVWIiTIYhHBo:r17M8O/rMTuOHEX4NPujjthC
                                            MD5:926CD6F40EEAFAFA80FE29A1E42EBCCF
                                            SHA1:2BA9ED752A7B3F63BD82ADFBECC780B6B257B97A
                                            SHA-256:D886ED9EF75CE0CB9B4A43A08C559DC179A9CC2F0DC693242B54616EFD6D92B6
                                            SHA-512:899872C5830E489C8CDEE3500C19693C5AF61917A3112567D85FCBDE71D69F1B2D8C6662B5FD6A20AB35D5D19F9B0C00693AB4D30AACFCB4D86EA2407A64D317
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Windows\System32\WerFault.exe
                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):8818
                                            Entropy (8bit):3.691421177488558
                                            Encrypted:false
                                            SSDEEP:192:R6l7wVeJJVwb76YcZqOxgmfr57v2pDM89b14ffLnm:R6lXJLY6YyqOxgmfrFvy1wfi
                                            MD5:0A67ED1641EE03B89914CC8974468A5F
                                            SHA1:EBEB034F2523856C3CCD80F3105B68AB23840B5C
                                            SHA-256:B298A712B4265643C7C8514EDCACB65648164A37FE20993A729D8522D8A150AC
                                            SHA-512:DDB23813B9CBD3803F164105DE77DB0B89CFE713BB8E03516FA7ED474D9A7F3FEC7D1E0DEFFCB8FAA77D4DB8E4E21AEFF3D6C3E06A68B401F76FC733889633EC
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Windows\System32\WerFault.exe
                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):4853
                                            Entropy (8bit):4.447307648781459
                                            Encrypted:false
                                            SSDEEP:48:cvIwWl8zsZBJg771I9SFWpW8VYtYm8M4Jk5LvM6Feyq8vU5LvMaaMuFFd:uIjfVI7J07V5JcjMhWsjMa1u/d
                                            MD5:F54D8AAD05A573FE6B4EF25405981415
                                            SHA1:B58BC281582908D0E8D59D9CD751919864C1777C
                                            SHA-256:52018FC8C024E2C648975D1B6E9151986331EF73DCAAA2F856D008ED9004C504
                                            SHA-512:7F43FA700080F23448645E125B6E5FD10D3A0D51687290091D90D5301E7CB24E3360FD19AF4FCB04722441EA8CC8DD0834C2601A7FD088C572CF39BD99FB16E5
                                            Malicious:false
                                            Reputation:low
                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="616767" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                            Process:C:\Users\user\Desktop\1CSDmJh1zN.exe
                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):979567349
                                            Entropy (8bit):0.04401550026320473
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:6A26F3F43956CF123CEEB5C4100968A4
                                            SHA1:9CD935D9184FF05674C5D15C4DA426142701759D
                                            SHA-256:B6ADC307A7E6C8DC564E7A45EDF95F6862D7ADBA1C083C920B0F07D4F65F44DD
                                            SHA-512:B0E083EA80FDC2F608FD6CE628E57DE10892B9164F9C1B0A61EEFC3750358F4FE495B70000E472F5BE5C05889F92BA3103277E8D726EF8E09F7DD3D076D5ED4F
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Windows\System32\WerFault.exe
                                            File Type:MS Windows registry file, NT/2000 or above
                                            Category:dropped
                                            Size (bytes):1835008
                                            Entropy (8bit):4.417586543340694
                                            Encrypted:false
                                            SSDEEP:6144:Rcifpi6ceLPL9skLmb0mNSWSPtaJG8nAgex285i2MMhA20X4WABlGuN75+:ui58NSWIZBk2MM6AFB9o
                                            MD5:7F5C5D31751DCECCF0BB4AA35945A9C4
                                            SHA1:C808CB743EE5604FC702D549461C5B2CE0809E11
                                            SHA-256:A431ECACE6FD4B0DED9CC764E19FDA6FD978BB149F704547A63E448C6356587C
                                            SHA-512:62AA1EDF80E1F149DFCD357FE60DFCE953BF99CDB63EBB3A49B45612D4635CF0E981885AFBB1DFF1447488C36E08E95DC8C1916C4FB20703DBF3F8982A75B761
                                            Malicious:false
                                            Reputation:low
                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                            Entropy (8bit):7.070348649046921
                                            TrID:
                                            • Win32 Executable (generic) a (10002005/4) 99.40%
                                            • InstallShield setup (43055/19) 0.43%
                                            • Windows Screen Saver (13104/52) 0.13%
                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                            • DOS Executable Generic (2002/1) 0.02%
                                            File name:1CSDmJh1zN.exe
                                            File size:2'764'800 bytes
                                            MD5:9921eaf4b2c06a77de92d1f439922c77
                                            SHA1:059450429f11411c3dbb6686ee7adcc877db08c9
                                            SHA256:0b393e441f2d3bc70648fe9955d5bb89f79b1d0f3d76e8e054347333324898ee
                                            SHA512:7d4fd785678698b5a88d757754bab635e235bddfcd2284b392bb71e4d8921b7f28e1d53efdfbfb222e52091f8c493672477b3352df5ffb9726a7abc50036f1e6
                                            SSDEEP:49152:/VHFXSzmqiDqCbm1gickVsPT1uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuTuuuuC:/VHFXSzmqsegfkVsBuuuuuuuuuuuuuul
                                            TLSH:75D5BF01F29181B1D95236B55263E2F555B2AFF8973B80CF61927F1B3B321E25A33386
                                            Icon Hash:c5a684988c94a0c5
                                            Entrypoint:0x4dc300
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                            DLL Characteristics:NO_SEH
                                            Time Stamp:0x4310D1EE [Sat Aug 27 20:49:50 2005 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:4
                                            OS Version Minor:0
                                            File Version Major:4
                                            File Version Minor:0
                                            Subsystem Version Major:4
                                            Subsystem Version Minor:0
                                            Import Hash:6cd1955b3508e1b7bae36e00ef841662
                                            Instruction
                                            sub esp, 44h
                                            push esi
                                            call dword ptr [0053D228h]
                                            mov esi, eax
                                            mov al, byte ptr [esi]
                                            cmp al, 22h
                                            call 00007F91A0AB36D0h
                                            inc esi
                                            cmp al, 22h
                                            je 00007F91A0B636DAh
                                            test al, al
                                            jne 00007F91A0B636C6h
                                            cmp al, 22h
                                            jne 00007F91A0B636E8h
                                            inc esi
                                            jmp 00007F91A0B636E5h
                                            cmp al, 20h
                                            jbe 00007F91A0B636E1h
                                            lea esp, dword ptr [esp+00000000h]
                                            mov al, byte ptr [esi+01h]
                                            inc esi
                                            cmp al, 20h
                                            jnbe 00007F91A0B636CAh
                                            mov al, byte ptr [esi]
                                            test al, al
                                            je 00007F91A0B636E0h
                                            mov edi, edi
                                            cmp al, 20h
                                            jnbe 00007F91A0B636DAh
                                            mov al, byte ptr [esi+01h]
                                            inc esi
                                            test al, al
                                            jne 00007F91A0B636C6h
                                            lea eax, dword ptr [esp+04h]
                                            push eax
                                            mov dword ptr [esp+34h], 00000000h
                                            call dword ptr [0053D270h]
                                            test byte ptr [esp+30h], 00000001h
                                            movzx eax, word ptr [esp+34h]
                                            jne 00007F91A0B636D7h
                                            mov eax, 0000000Ah
                                            push eax
                                            push esi
                                            push 00000000h
                                            push 00000000h
                                            call dword ptr [0053D224h]
                                            push eax
                                            call 00007F91A0B632D3h
                                            push eax
                                            call dword ptr [0053D220h]
                                            pop esi
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            movzx edx, byte ptr [ecx+0Dh]
                                            xor eax, eax
                                            mov ah, byte ptr [ecx+0Fh]
                                            mov al, byte ptr [ecx+0Ch]
                                            movzx ecx, byte ptr [ecx+0Eh]
                                            shl eax, 08h
                                            or eax, edx
                                            shl eax, 08h
                                            or eax, ecx
                                            ret
                                            int3
                                            int3
                                            int3
                                            int3
                                            int3
                                            mov eax, ecx
                                            mov dword ptr [eax], 00000000h
                                            mov dword ptr [eax+04h], 00000000h
                                            ret
                                            push esi
                                            push edi
                                            mov esi, ecx
                                            call dword ptr [0000D518h]
                                            Programming Language:
                                            • [ C ] VS2003 (.NET) build 3077
                                            • [C++] VS2003 (.NET) build 3077
                                            • [RES] VS2003 (.NET) build 3077
                                            • [LNK] VS2003 (.NET) build 3077
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x152e18 | 0x118 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x228000 | 0x13fca0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x13d000 | 0x598 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x13bc90 | 0x13c000 | a098c7e84ad5a36a04535e1c3b73e500 | False | 0.5445657078223892 | data | 6.741499573740984 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x13d000 | 0x17c84 | 0x18000 | 7985ce6b5d14c95b3d11911cc6832e60 | False | 0.5450439453125 | data | 6.199908013459288 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x155000 | 0xd2908 | 0xe000 | 33ed2020b692083bf67c882b0e6ea252 | False | 0.7456926618303571 | data | 7.206453493549018 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x228000 | 0x13fca0 | 0x140000 | 346e5f5c26d99c414f37c58330519d06 | False | 0.4897743225097656 | data | 7.030552656201732 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0x2296a8 | 0x134 | data | English | United States | 0.275974025974026
RT_CURSOR | 0x2297dc | 0xb4 | data | English | United States | 0.6444444444444445
RT_CURSOR | 0x229890 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.39935064935064934
RT_CURSOR | 0x2299c4 | 0xb4 | Targa image data - RLE 32 x 65536 x 1 +16 "\001" | English | United States | 0.8944444444444445
RT_CURSOR | 0x229a78 | 0x134 | data | English | United States | 0.12012987012987013
RT_ICON | 0x229bac | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.3225609756097561
RT_ICON | 0x22a214 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.43951612903225806
RT_ICON | 0x22a4fc | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States | 0.4016393442622951
RT_ICON | 0x22a6e4 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.4831081081081081
RT_ICON | 0x22a80c | 0x35e0 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9907192575406032
RT_ICON | 0x22ddec | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.4584221748400853
RT_ICON | 0x22ec94 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.47382671480144406
RT_ICON | 0x22f53c | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States | 0.45564516129032256
RT_ICON | 0x22fc04 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.3504335260115607
RT_ICON | 0x23016c | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | English | United States | 0.1774390243902439
RT_ICON | 0x2307d4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | United States | 0.26344086021505375
RT_ICON | 0x230abc | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | United States | 0.46621621621621623
RT_ICON | 0x230be4 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.5335820895522388
RT_ICON | 0x231a8c | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.5478339350180506
RT_ICON | 0x232334 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.41401734104046245
RT_ICON | 0x23289c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.34865145228215766
RT_ICON | 0x234e44 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.36538461538461536
RT_ICON | 0x235eec | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.6462765957446809
RT_ICON | 0x236354 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | English | United States | 0.27987804878048783
RT_ICON | 0x2369bc | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | United States | 0.40860215053763443
RT_ICON | 0x236ca4 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 0 | English | United States | 0.47540983606557374
RT_ICON | 0x236e8c | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | United States | 0.5506756756756757
RT_ICON | 0x236fb4 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.4650852878464819
RT_ICON | 0x237e5c | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.677797833935018
RT_ICON | 0x238704 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | English | United States | 0.7534562211981567
RT_ICON | 0x238dcc | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.8034682080924855
RT_ICON | 0x239334 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.32676348547717843
RT_ICON | 0x23b8dc | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.4547373358348968
RT_ICON | 0x23c984 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | English | United States | 0.5823770491803278
RT_ICON | 0x23d30c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.600177304964539
RT_ICON | 0x23d774 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.07868508221933042
RT_ICON | 0x24df9c | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.15114568005045195
RT_ICON | 0x257444 | 0x67e8 | Device independent bitmap graphic, 80 x 160 x 32, image size 26560 | English | United States | 0.1543233082706767
RT_ICON | 0x25dc2c | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.175184842883549
RT_ICON | 0x2630b4 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.15948275862068967
RT_ICON | 0x2672dc | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.24107883817427386
RT_ICON | 0x269884 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.2678236397748593
RT_ICON | 0x26a92c | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.37459016393442623
RT_ICON | 0x26b2b4 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.42819148936170215
RT_MENU | 0x26b71c | 0x280 | data | Chinese | Taiwan | 0.55
RT_MENU | 0x26b99c | 0x350 | data | German | Germany | 0.46226415094339623
RT_MENU | 0x26bcec | 0x2f2 | data | English | United States | 0.46419098143236076
RT_MENU | 0x26bfe0 | 0x34c | data | French | France | 0.45260663507109006
RT_MENU | 0x26c32c | 0x356 | data | Italian | Italy | 0.4601873536299766
RT_MENU | 0x26c684 | 0x2c0 | data | Japanese | Japan | 0.5539772727272727
RT_MENU | 0x26c944 | 0x2c4 | data | Korean | North Korea | 0.5706214689265536
RT_MENU | 0x26c944 | 0x2c4 | data | Korean | South Korea | 0.5706214689265536
RT_MENU | 0x26cc08 | 0x286 | data | Chinese | China | 0.5479876160990712
RT_MENU | 0x26ce90 | 0x336 | data | | | 0.46228710462287104
RT_MENU | 0x26d1c8 | 0x116 | data | Chinese | Taiwan | 0.7086330935251799
RT_MENU | 0x26d2e0 | 0x20a | data | German | Germany | 0.5268199233716475
RT_MENU | 0x26d4ec | 0x1d2 | data | English | United States | 0.5343347639484979
RT_MENU | 0x26d6c0 | 0x220 | data | French | France | 0.5055147058823529
RT_MENU | 0x26d8e0 | 0x1fe | data | Italian | Italy | 0.515686274509804
RT_MENU | 0x26dae0 | 0x146 | data | Japanese | Japan | 0.7239263803680982
RT_MENU | 0x26dc28 | 0x144 | data | Korean | North Korea | 0.7253086419753086
RT_MENU | 0x26dc28 | 0x144 | data | Korean | South Korea | 0.7253086419753086
RT_MENU | 0x26dd6c | 0x12e | data | Chinese | China | 0.7019867549668874
RT_MENU | 0x26de9c | 0x1f4 | data | | | 0.536
RT_MENU | 0x26e090 | 0x6a | data | Chinese | Taiwan | 0.7452830188679245
RT_MENU | 0x26e0fc | 0x9c | data | German | Germany | 0.7115384615384616
RT_MENU | 0x26e198 | 0x70 | data | English | United States | 0.75
RT_MENU | 0x26e208 | 0x90 | data | French | France | 0.6805555555555556
RT_MENU | 0x26e298 | 0x88 | data | Italian | Italy | 0.7205882352941176
RT_MENU | 0x26e320 | 0x78 | data | Japanese | Japan | 0.75
RT_MENU | 0x26e398 | 0x78 | data | Korean | North Korea | 0.7833333333333333
RT_MENU | 0x26e398 | 0x78 | data | Korean | South Korea | 0.7833333333333333
RT_MENU | 0x26e410 | 0x6a | data | Chinese | China | 0.7452830188679245
RT_MENU | 0x26e47c | 0x8c | data | | | 0.6857142857142857
RT_MENU | 0x26e508 | 0x22 | data | Chinese | Taiwan | 1.1764705882352942
RT_MENU | 0x26e52c | 0x4a | data | German | Germany | 0.8378378378378378
RT_MENU | 0x26e578 | 0x34 | data | English | United States | 1.0
RT_MENU | 0x26e5ac | 0x3e | data | French | France | 0.9193548387096774
RT_MENU | 0x26e5ec | 0x42 | data | Italian | Italy | 0.9545454545454546
RT_MENU | 0x26e630 | 0x28 | data | Japanese | Japan | 1.125
RT_MENU | 0x26e658 | 0x24 | data | Korean | North Korea | 1.1944444444444444
RT_MENU | 0x26e658 | 0x24 | data | Korean | South Korea | 1.1944444444444444
RT_MENU | 0x26e67c | 0x22 | data | Chinese | China | 1.1764705882352942
RT_MENU | 0x26e6a0 | 0x3c | data | | | 1.0166666666666666
RT_DIALOG | 0x26e6dc | 0x1a6 | data | Chinese | Taiwan | 0.5284360189573459
RT_DIALOG | 0x26e884 | 0x1a6 | data | German | Germany | 0.523696682464455
RT_DIALOG | 0x26ea2c | 0x1a6 | data | English | United States | 0.523696682464455
RT_DIALOG | 0x26ebd4 | 0x1a6 | data | French | France | 0.523696682464455
RT_DIALOG | 0x26ed7c | 0x1a6 | data | Italian | Italy | 0.523696682464455
RT_DIALOG | 0x26ef24 | 0x19e | data | Japanese | Japan | 0.538647342995169
RT_DIALOG | 0x26f0c4 | 0x1a6 | data | Korean | North Korea | 0.5284360189573459
RT_DIALOG | 0x26f0c4 | 0x1a6 | data | Korean | South Korea | 0.5284360189573459
RT_DIALOG | 0x26f26c | 0x1a6 | data | Chinese | China | 0.5260663507109005
RT_DIALOG | 0x26f414 | 0x1ae | data | | | 0.5302325581395348
RT_DIALOG | 0x26f5c4 | 0x140 | data | Chinese | Taiwan | 0.70625
RT_DIALOG | 0x26f704 | 0x1d8 | data | German | Germany | 0.5614406779661016
RT_DIALOG | 0x26f8dc | 0x1ca | data | English | United States | 0.5633187772925764
RT_DIALOG | 0x26faa8 | 0x1bc | data | French | France | 0.5968468468468469
RT_DIALOG | 0x26fc64 | 0x18c | data | Italian | Italy | 0.6035353535353535
RT_DIALOG | 0x26fdf0 | 0x162 | data | Japanese | Japan | 0.7457627118644068
RT_DIALOG | 0x26ff54 | 0x144 | data | Korean | North Korea | 0.7376543209876543
RT_DIALOG | 0x26ff54 | 0x144 | data | Korean | South Korea | 0.7376543209876543
RT_DIALOG | 0x270098 | 0x138 | data | Chinese | China | 0.6987179487179487
RT_DIALOG | 0x2701d0 | 0x1ce | data | | | 0.5757575757575758
RT_DIALOG | 0x2703a0 | 0x2ca | data | Chinese | Taiwan | 0.5714285714285714
RT_DIALOG | 0x27066c | 0x4ce | data | German | Germany | 0.4056910569105691
RT_DIALOG | 0x270b3c | 0x448 | data | English | United States | 0.39507299270072993
RT_DIALOG | 0x270f84 | 0x4f8 | data | French | France | 0.3977987421383648
RT_DIALOG | 0x27147c | 0x49c | data | Italian | Italy | 0.38813559322033897
RT_DIALOG | 0x271918 | 0x34e | data | Japanese | Japan | 0.5721040189125296
RT_DIALOG | 0x271c68 | 0x32e | data | Korean | North Korea | 0.5675675675675675
RT_DIALOG | 0x271c68 | 0x32e | data | Korean | South Korea | 0.5675675675675675
RT_DIALOG | 0x271f98 | 0x2c2 | data | Chinese | China | 0.5722379603399433
RT_DIALOG | 0x27225c | 0x48e | data | | | 0.3936535162950257
RT_STRING | 0x2726ec | 0xee | data | Chinese | Taiwan | 0.5378151260504201
RT_STRING | 0x2727dc | 0x10a | data | German | Germany | 0.5225563909774437
RT_STRING | 0x2728e8 | 0x104 | data | English | United States | 0.5076923076923077
RT_STRING | 0x2729ec | 0x116 | data | French | France | 0.5215827338129496
RT_STRING | 0x272b04 | 0x10c | data | Italian | Italy | 0.5111940298507462
RT_STRING | 0x272c10 | 0xfc | data | Japanese | Japan | 0.5674603174603174
RT_STRING | 0x272d0c | 0xf0 | data | Korean | North Korea | 0.5625
RT_STRING | 0x272d0c | 0xf0 | data | Korean | South Korea | 0.5625
RT_STRING | 0x272dfc | 0xee | data | Chinese | China | 0.542016806722689
RT_STRING | 0x272eec | 0x116 | data | | | 0.5179856115107914
RT_STRING | 0x273004 | 0xde | Matlab v4 mat-file (little endian) Gr-N\011g, numeric, rows 0, columns 0 | Chinese | Taiwan | 0.6891891891891891
RT_STRING | 0x2730e4 | 0x204 | Matlab v4 mat-file (little endian) a, numeric, rows 0, columns 0 | German | Germany | 0.4573643410852713
RT_STRING | 0x2732e8 | 0x1aa | Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0 | English | United States | 0.4624413145539906
RT_STRING | 0x273494 | 0x20a | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | French | France | 0.4521072796934866
RT_STRING | 0x2736a0 | 0x1ac | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | Italian | Italy | 0.4532710280373832
RT_STRING | 0x27384c | 0x116 | Matlab v4 mat-file (little endian) \3740\3230\3740\205Qn0\2710\2570\3520\3270\3100L0\237S\340Vg0 , numeric, rows 0, columns 0 | Japanese | Japan | 0.6438848920863309
RT_STRING | 0x273964 | 0x100 | Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0 | Korean | North Korea | 0.796875
RT_STRING | 0x273964 | 0x100 | Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0 | Korean | South Korea | 0.796875
RT_STRING | 0x273a64 | 0xe0 | Matlab v4 mat-file (little endian) Gr-N\204v\320g*N\032\201,g\374[\364\201 , numeric, rows 0, columns 0 | Chinese | China | 0.6696428571428571
RT_STRING | 0x273b44 | 0x1a8 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | | | 0.5070754716981132
RT_STRING | 0x273cec | 0x56 | Matlab v4 mat-file (little endian) \326S\201\211, numeric, rows 0, columns 0 | Chinese | Taiwan | 0.5348837209302325
RT_STRING | 0x273d44 | 0x110 | Matlab v4 mat-file (little endian) \344, numeric, rows 0, columns 0 | German | Germany | 0.41544117647058826
RT_STRING | 0x273e54 | 0xca | Matlab v4 mat-file (little endian) e, numeric, rows 0, columns 0 | English | United States | 0.45544554455445546
RT_STRING | 0x273f20 | 0x106 | Matlab v4 mat-file (little endian) h, numeric, rows 0, columns 0 | French | France | 0.44274809160305345
RT_STRING | 0x274028 | 0xfa | Matlab v4 mat-file (little endian) e, numeric, rows 0, columns 0 | Italian | Italy | 0.384
RT_STRING | 0x274124 | 0x8e | Matlab v4 mat-file (little endian) \2420\3030\3270\3550\3740\3110Y0\2130\3250\2410\2440\3530\2220x\220\236bW0~0Y0 , numeric, rows 0, columns 0 | Japanese | Japan | 0.5
RT_STRING | 0x2741b4 | 0x7c | data | Korean | North Korea | 0.6290322580645161
RT_STRING | 0x2741b4 | 0x7c | data | Korean | South Korea | 0.6290322580645161
RT_STRING | 0x274230 | 0x5c | Matlab v4 mat-file (little endian) \351b\201\211, numeric, rows 0, columns 0 | Chinese | China | 0.4891304347826087
RT_STRING | 0x27428c | 0x138 | Matlab v4 mat-file (little endian) e, numeric, rows 0, columns 0 | | | 0.4166666666666667
RT_STRING | 0x2743c4 | 0x52 | data | Chinese | Taiwan | 0.8536585365853658
RT_STRING | 0x274418 | 0xaa | data | German | Germany | 0.6
RT_STRING | 0x2744c4 | 0x98 | data | English | United States | 0.6052631578947368
RT_STRING | 0x27455c | 0xd6 | data | French | France | 0.5373831775700935
RT_STRING | 0x274634 | 0xaa | data | Italian | Italy | 0.5764705882352941
RT_STRING | 0x2746e0 | 0x70 | data | Japanese | Japan | 0.7857142857142857
RT_STRING | 0x274750 | 0x58 | data | Korean | North Korea | 0.8977272727272727
RT_STRING | 0x274750 | 0x58 | data | Korean | South Korea | 0.8977272727272727
RT_STRING | 0x2747a8 | 0x52 | data | Chinese | China | 0.8048780487804879
RT_STRING | 0x2747fc | 0xc8 | data | | | 0.54
RT_ACCELERATOR | 0x2748c4 | 0x80 | data | English | United States | 0.6875
RT_GROUP_CURSOR | 0x274944 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States | 1.0294117647058822
RT_GROUP_CURSOR | 0x274968 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States | 1.0
RT_GROUP_CURSOR | 0x27498c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_ICON | 0x2749a0 | 0x102 | data | English | United States | 0.6046511627906976
RT_GROUP_ICON | 0x274aa4 | 0xae | data | English | United States | 0.6206896551724138
RT_GROUP_ICON | 0x274b54 | 0x84 | data | English | United States | 0.6363636363636364
RT_VERSION | 0x274bd8 | 0x3c4 | data | English | United States | 0.4221991701244813
RT_DLGINCLUDE | 0x274f9c | 0x6dc36 | PC bitmap, Windows 3.x format, 57163 x 2 x 39, image size 450068, cbSize 449590, bits offset 54 | | | 0.6995462532529638
RT_ANIICON | 0x2e2bd4 | 0xe52e | PC bitmap, Windows 3.x format, 7462 x 2 x 45, image size 58788, cbSize 58670, bits offset 54 | | | 0.3828532469746037
RT_ANIICON | 0x2f1104 | 0xadb5 | PC bitmap, Windows 3.x format, 6091 x 2 x 54, image size 44877, cbSize 44469, bits offset 54 | | | 0.3292181069958848
RT_ANIICON | 0x2fbebc | 0xc408 | PC bitmap, Windows 3.x format, 6487 x 2 x 36, image size 50833, cbSize 50184, bits offset 54 | | | 0.3397895743663319
RT_ANIICON | 0x3082c4 | 0x3251c | PC bitmap, Windows 3.x format, 26260 x 2 x 36, image size 206180, cbSize 206108, bits offset 54 | | | 0.4970597938944631
RT_ANIICON | 0x33a7e0 | 0x2d4bf | PC bitmap, Windows 3.x format, 23999 x 2 x 52, image size 185728, cbSize 185535, bits offset 54 | | | 0.4973832430538712
DLL | Import
WSOCK32.dll | setsockopt, gethostbyname, htonl, ioctlsocket, htons, WSAStartup, ntohl, WSACleanup
WININET.dll | HttpQueryInfoA
CRYPT32.dll | CertFreeCertificateContext, CertVerifySubjectCertificateContext, CertFindCertificateInStore, CertCreateCertificateContext, CryptGetMessageCertificates, CryptVerifyMessageSignature, CertCloseStore
VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
WINMM.dll | waveInStop, waveInAddBuffer, waveInStart, waveInGetNumDevs, waveOutGetNumDevs, waveInClose, waveOutGetDevCapsA, waveOutPrepareHeader, waveOutWrite, waveOutReset, waveOutUnprepareHeader, waveInReset, waveInUnprepareHeader, waveInPrepareHeader, waveInOpen, waveInGetDevCapsA, timeGetTime, waveOutClose, waveOutOpen, timeKillEvent, timeSetEvent, timeGetDevCaps, timeBeginPeriod, timeEndPeriod
KERNEL32.dll | GetSystemInfo, GetUserDefaultLangID, ExitThread, GlobalFree, GetFileAttributesA, GetFileAttributesW, LockResource, LoadResource, FindResourceExA, FindResourceExW, GlobalAlloc, CreateThread, GetTimeZoneInformation, GetSystemTime, SystemTimeToFileTime, DeleteFileA, DeleteFileW, MoveFileA, VirtualQuery, RemoveDirectoryA, RemoveDirectoryW, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, ReadFile, WriteFile, GetTempFileNameA, GetTempPathA, GetTempFileNameW, GetTempPathW, SetFilePointer, GetFileSize, GetFileAttributesExA, GetFileAttributesExW, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindClose, GetSystemDirectoryA, GetModuleFileNameA, MoveFileExA, CreateMutexA, ReleaseMutex, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, WaitForSingleObject, WideCharToMultiByte, GlobalUnlock, GlobalLock, IsDBCSLeadByteEx, lstrlenA, SetEndOfFile, CopyFileA, CopyFileW, GetModuleFileNameW, GetCommandLineW, ExitProcess, GetModuleHandleA, GetCommandLineA, GetProcessTimes, GetCurrentProcess, CreateEventA, SetEvent, TlsAlloc, SetThreadPriority, InterlockedIncrement, InterlockedDecrement, ResetEvent, WaitForMultipleObjects, VirtualFree, VirtualAlloc, GetThreadPriority, GetCurrentThread, GetSystemDefaultLangID, FreeLibrary, GetLastError, GetStartupInfoA, CreateProcessA, CloseHandle, LCMapStringW, LCMapStringA, GetTickCount, GetCurrentThreadId, GetLocaleInfoA, SetErrorMode, LoadLibraryA, GetProcAddress, QueryPerformanceCounter, QueryPerformanceFrequency, IsDBCSLeadByte, GetACP, GetCPInfo, MultiByteToWideChar, GetVersionExA, InterlockedExchange, InterlockedCompareExchange, Sleep, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, HeapAlloc, GetProcessHeap, MoveFileW, HeapFree
USER32.dll | GetSubMenu, LoadMenuA, SetTimer, KillTimer, GetClientRect, ScreenToClient, GetCursorPos, SetCursor, LoadCursorA, EndPaint, BeginPaint, GetMenu, DestroyWindow, GetFocus, WindowFromPoint, GetCapture, ReleaseCapture, SetCapture, TrackPopupMenu, ClientToScreen, DeleteMenu, GetMenuItemID, IsWindow, DefWindowProcA, GetWindowLongA, CreateWindowExA, RegisterClipboardFormatA, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, SetClipboardData, EmptyClipboard, InsertMenuA, InsertMenuW, RemoveMenu, GetWindow, UnregisterClassA, LoadStringW, MoveWindow, SetMenu, UpdateWindow, ShowWindow, SetDlgItemTextA, SetDlgItemTextW, EnableWindow, GetDlgItemTextA, GetWindowTextLengthA, DestroyMenu, GetWindowTextLengthW, PostQuitMessage, GetMenuStringA, GetMenuStringW, RegisterClassA, DispatchMessageA, TranslateMessage, TranslateAcceleratorA, GetMessageA, LoadAcceleratorsA, PostThreadMessageA, GetQueueStatus, PeekMessageA, MsgWaitForMultipleObjects, RegisterWindowMessageA, SystemParametersInfoA, DialogBoxIndirectParamW, DialogBoxIndirectParamA, PostMessageA, EndDialog, SetWindowLongA, GetParent, GetWindowRect, GetDesktopWindow, SetWindowPos, LoadIconA, GetDlgItem, SendMessageA, SetWindowTextA, SetFocus, GetMenuItemCount, GetMenuItemInfoA, GetSystemMetrics, InsertMenuItemA, DdeInitializeA, DdeCreateStringHandleA, DdeConnect, DdeClientTransaction, DdeDisconnect, DdeFreeStringHandle, DdeUninitialize, SendInput, GetKeyboardLayout, GetDC, ReleaseDC, GetDoubleClickTime, LoadStringA, EnableMenuItem, CheckMenuItem, InvalidateRect, WaitForInputIdle, MapVirtualKeyA, FillRect, GetKeyState, DialogBoxParamW, DialogBoxParamA, GetDlgItemTextW, MessageBoxA
GDI32.dll | GetTextMetricsA, GetClipRgn, SetTextColor, ExtTextOutW, ExtTextOutA, CreateRectRgn, GetTextAlign, GetBkMode, GetTextColor, EnumFontFamiliesA, SetTextCharacterExtra, BeginPath, EndPage, DPtoLP, FillPath, ExtCreatePen, StrokePath, EndDoc, StartDocA, LPtoDP, CreateSolidBrush, GetClipBox, GetSystemPaletteEntries, CreatePalette, GetTextExtentPoint32A, CreatePen, GetBkColor, SetBkColor, GetCurrentObject, GetTextExtentPoint32W, EndPath, SetPolyFillMode, MoveToEx, LineTo, PolyBezierTo, SelectClipPath, SaveDC, RestoreDC, GdiFlush, DeleteObject, SelectObject, StretchDIBits, SetDIBitsToDevice, CreateCompatibleBitmap, GetObjectA, CreateCompatibleDC, DeleteDC, CreateDIBSection, GetDeviceCaps, BitBlt, RealizePalette, SelectPalette, GetStockObject, CreateFontIndirectA, SetBkMode, SetTextAlign, IntersectClipRect, SelectClipRgn, StartPage
                                            comdlg32.dllGetOpenFileNameA, PrintDlgA, GetOpenFileNameW, GetSaveFileNameW, CommDlgExtendedError, GetSaveFileNameA
                                            ADVAPI32.dllRegCloseKey, RegQueryValueExA, RegOpenKeyExA, RegQueryValueExW, RegOpenKeyExW, RegSetValueExA, RegCreateKeyA, RegSetValueA
                                            SHELL32.dllDragQueryFileA, DragAcceptFiles, SHBrowseForFolderA, SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHAppBarMessage, DragQueryFileW
                                            ole32.dllCoTaskMemAlloc, CoFreeUnusedLibraries, CoInitialize, CoUninitialize, CoCreateInstance, CoTaskMemFree
Language of compilation system | Country where language is spoken
English | United States
Chinese | Taiwan
German | Germany
French | France
Italian | Italy
Japanese | Japan
Korean | North Korea
Korean | South Korea
Chinese | China
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-04T17:24:42.492570+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 104.37.175.221 | 7575 | 192.168.2.7 | 49744 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                            Dec 4, 2024 17:24:43.877346992 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.877425909 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.877429008 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.879245043 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.879285097 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.879336119 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.881373882 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.881419897 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.881547928 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.883388042 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.883444071 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.883452892 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.885114908 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.885166883 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.885169983 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.886704922 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.886768103 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.886782885 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.888494968 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.888547897 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.888611078 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.889969110 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.890017033 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.890054941 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.891649008 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.891690016 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.891742945 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.892796040 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.892841101 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.892894983 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.894124031 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.894181967 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.894316912 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.895497084 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.895539999 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.895575047 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.896840096 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.896879911 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.896935940 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.898350954 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.898396969 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.898416042 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.899921894 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.899961948 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.900053024 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.901480913 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.901524067 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.901573896 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.902856112 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.902909040 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.902967930 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.904453039 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.904505014 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.904534101 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.905920982 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.905975103 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.905998945 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.907361984 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.907413006 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.907429934 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.908879042 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.908932924 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.909025908 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.910375118 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.910419941 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.910701036 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.911983967 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.912036896 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.912117958 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.913444996 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.913491964 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.913578987 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.914921045 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.914963961 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.915013075 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.916404963 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.916457891 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.916498899 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.917898893 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.917944908 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.918025970 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.919430971 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.919472933 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.919517994 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.920942068 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.920984983 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.921003103 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.923161983 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.923214912 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.923325062 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.923957109 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.923998117 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.924133062 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.925489902 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.925539017 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.925611973 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.926976919 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.927038908 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.927108049 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.928525925 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.928574085 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.928622961 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.930071115 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.930113077 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.930207014 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.931653976 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.931688070 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.931691885 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.933231115 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.933269978 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.933275938 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.934864998 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.934886932 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.934915066 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.936229944 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.936264038 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.936291933 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.937669039 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.937705994 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.937750101 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.939018011 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.939091921 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.939124107 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.940562010 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.940606117 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.940785885 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.942213058 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.942254066 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.942312956 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.943701982 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.943758011 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.943816900 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.945296049 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.945352077 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.945395947 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.946908951 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.946921110 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.946949959 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.948314905 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.948357105 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.948479891 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.949592113 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.949639082 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:43.949646950 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.951039076 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:43.951078892 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.063262939 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.063338041 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.063380003 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.063900948 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.063985109 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.064039946 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.065212965 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.065300941 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.065346003 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.066911936 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.067070007 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.067111969 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.067756891 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.067859888 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.067898989 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.069097996 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.069289923 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.069319010 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.070235968 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.070388079 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.070425034 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.071485043 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.071588039 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.071624041 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.072689056 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.072788954 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.072829008 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.073986053 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.074022055 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.074059010 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.075167894 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.075206041 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.075241089 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.076255083 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.076384068 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.076416969 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.077523947 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.077634096 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.077671051 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.078624010 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.078742027 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.078779936 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.079858065 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.079994917 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.080033064 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.081017017 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.081113100 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.081156969 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.082197905 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.082351923 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.082390070 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.083451033 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.083527088 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.083566904 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.084775925 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.084892035 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.084924936 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.085875034 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.085985899 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.086029053 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.086954117 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.087012053 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.087052107 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.088140965 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.088304043 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.088345051 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.089327097 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.089502096 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.089550972 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.090524912 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.090713978 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.090759993 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.091710091 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.091823101 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.091864109 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.092896938 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.092974901 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.093010902 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.094146967 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.094221115 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.094254017 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.095366955 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.095474005 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.095511913 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.096504927 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.096683025 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.096720934 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.097744942 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.097861052 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.097898960 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.098860979 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.099090099 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.099133015 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.100039005 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.100174904 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.100217104 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.101294041 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.101346970 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.101586103 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.102413893 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.102505922 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.102550030 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.486923933 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.487690926 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.487792015 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.488823891 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.488886118 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.488976955 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.489016056 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.489962101 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.490132093 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.490921021 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.491275072 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.491372108 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.492310047 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.492357969 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.492413998 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.492469072 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.493383884 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.493662119 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.494569063 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.494627953 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.494645119 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.494685888 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.495549917 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.495628119 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.495682955 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.496587038 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.496731043 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.496824980 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.497791052 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.497914076 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.498918056 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.498958111 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.499093056 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.499896049 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.500070095 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.500436068 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.500520945 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.501389027 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.501591921 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.501698017 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.502825022 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.502857924 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.502926111 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.504235029 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.504411936 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.504733086 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.505458117 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.505822897 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.505867004 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.506742954 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.506854057 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.506918907 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.507797003 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.507961035 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.508754015 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.508817911 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.508852959 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.508907080 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.509787083 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.528949976 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.528991938 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.640865088 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.641025066 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.641093969 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.641400099 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.641510010 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.642620087 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.642672062 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.642679930 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.642735004 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.643837929 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.643953085 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.644012928 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.644948006 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.645037889 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.645215034 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.646123886 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.646312952 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.646353006 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.647447109 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.647492886 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.647536039 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.648500919 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.648576021 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.649009943 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.649616003 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.649714947 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.649759054 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.650626898 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.650736094 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.650914907 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.651963949 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.652107954 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.653182030 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.653249025 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.653290987 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.653335094 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.654318094 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.654339075 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.654921055 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.655457973 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.655606031 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.655801058 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.656711102 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.656769991 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.657552004 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.657717943 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.657800913 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.657841921 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.658704042 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.658930063 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.658979893 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.659868956 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.659965038 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.660059929 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.660891056 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.661041021 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.661086082 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.662049055 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.662190914 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.662225962 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.663373947 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.663533926 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.663613081 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.664671898 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.664824963 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.664895058 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.665726900 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.665839911 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.665891886 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.666718960 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.666851997 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.667088985 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.667865038 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.667962074 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.668010950 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.668950081 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.669066906 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.669114113 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.670281887 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.670387983 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.670434952 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.671372890 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.671456099 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.671544075 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.672477961 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.672609091 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.672736883 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.673615932 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.673819065 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.673866034 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.675023079 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.675178051 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.675230980 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.676096916 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.676175117 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.676249981 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.677170992 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.677263021 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.677393913 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.678339958 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.678486109 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.678580046 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.679656982 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.679725885 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.679775000 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.680846930 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.680960894 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.681058884 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.682060957 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.682199001 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.682243109 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.683172941 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.683301926 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.683459997 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.684392929 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.684479952 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.684518099 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.685439110 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.685529947 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.685602903 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.686191082 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.686252117 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.686885118 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.687015057 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.687052965 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.688218117 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.688410997 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.688446045 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.690135956 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.690226078 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.690301895 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.691740036 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.691756010 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.691800117 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.693211079 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.694051981 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.694106102 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.694268942 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.694394112 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.694447994 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.695596933 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.695667028 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.695714951 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.696680069 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.696774006 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.696839094 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.697760105 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.697776079 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.697817087 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.698683023 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.698757887 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.698821068 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.700078011 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.700150013 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.700232029 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.701122999 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.701293945 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.702406883 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.702420950 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.702456951 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.702487946 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.703392029 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.723429918 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.723479986 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.833374977 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.833452940 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.833509922 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.833834887 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.833942890 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.834284067 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.834949970 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.835064888 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.835108995 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.836155891 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.836282015 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.836361885 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.837523937 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.837678909 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.837820053 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.838907957 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.839013100 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.839210033 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.840092897 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.840186119 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.840229034 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:44.841171980 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:44.841293097 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376092911 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376096010 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376099110 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376106024 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376111031 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376122952 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376128912 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376135111 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376141071 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376147032 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376152039 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376157999 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376164913 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376169920 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376168966 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376183033 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376192093 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376198053 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376213074 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376219034 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376219034 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376219034 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376230955 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376235008 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376238108 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376245022 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376250029 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376252890 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376256943 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376269102 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376283884 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376285076 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376291037 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376297951 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376307964 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376316071 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376322985 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376327991 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376334906 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376339912 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376349926 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376352072 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376357079 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376368046 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376370907 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376379013 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376393080 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376398087 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376404047 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376410007 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376426935 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376431942 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376437902 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376473904 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376478910 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376486063 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376491070 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376497984 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376502991 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376518011 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376523018 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376528978 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376543999 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376543999 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376550913 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376557112 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376562119 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376568079 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376573086 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376584053 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376590014 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376594067 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376595974 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376602888 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376610994 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376614094 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376616001 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376626968 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376632929 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376651049 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376657963 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376663923 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376672983 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376676083 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376684904 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376691103 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376701117 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376702070 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376707077 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376713991 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376729012 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376734972 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376738071 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376740932 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376749039 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376754045 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376768112 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376769066 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376785994 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376785994 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376792908 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376805067 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376810074 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376815081 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376820087 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376832962 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376832962 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376838923 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376846075 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376852036 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376862049 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376863003 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376869917 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376878023 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376880884 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376888037 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376893997 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376904964 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.376909018 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376919985 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.376948118 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.381681919 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.381721973 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.408917904 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.408926010 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.408977032 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.409332991 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.409388065 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.409419060 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.410521984 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.410567999 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.410605907 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.411670923 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.411756992 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.411783934 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.412885904 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.413009882 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.413033009 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.414025068 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.414213896 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.414266109 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.415230036 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.415330887 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.415369987 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.416390896 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.416435957 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.416460991 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.417598009 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.417701006 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.417712927 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.418670893 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.418714046 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.418725014 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.419848919 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.419900894 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.419950962 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.420912027 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.421000957 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.421051979 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.422060966 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.422127008 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.422163010 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.423206091 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.423252106 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.423278093 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.424393892 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.424438953 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.424484015 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.425517082 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.425595045 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.425659895 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.426707029 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.426760912 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.426760912 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.427886009 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.427939892 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.428056002 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.429301023 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.429356098 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.429438114 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.430454969 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.430505991 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.483006954 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.483020067 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.483093023 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.493036032 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.495785952 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.495866060 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.495881081 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.495898008 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.495904922 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.495924950 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.495932102 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.495939016 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.495944977 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.495949030 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.495953083 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.495959997 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.495997906 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.496202946 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.496211052 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.496259928 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.496273994 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.496280909 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.496320009 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.497416973 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.497423887 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.497437000 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.497443914 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.497464895 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.497473955 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.497478008 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.497509003 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.498115063 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.498138905 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.498167038 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.498209000 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.498217106 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.498228073 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.498260975 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.498295069 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.498302937 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.498308897 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.498316050 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.498321056 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.498363018 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.498939037 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.499002934 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.499047995 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.499054909 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.499068022 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.499074936 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.499080896 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.499089003 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.499116898 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.499680996 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.499687910 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.499694109 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.499701023 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.499706030 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.499711990 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.499717951 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.499725103 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.499726057 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.499732971 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.499739885 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.499756098 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.499773026 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.835556030 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.835695982 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.835738897 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.836779118 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.836954117 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.837279081 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.837985992 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.838072062 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.838222980 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.838762999 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.838901043 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.839023113 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.839736938 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.839755058 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.839826107 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.840518951 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.840584993 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.841342926 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.841394901 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.841449976 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.841509104 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.842308044 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.842365026 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.842415094 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.843115091 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.849276066 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.985548019 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.985585928 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.985667944 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.986073017 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.986124992 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.986186981 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.986975908 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.987059116 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.987154007 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.988090992 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.988203049 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.988492966 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.989115000 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.989301920 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.989350080 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.990221024 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.990297079 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.990361929 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.991184950 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.991271973 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.991636038 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.991974115 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.992048979 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.992705107 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.992775917 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.992887974 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.992966890 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.993664026 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.993706942 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.993881941 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.994677067 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.994808912 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.994853973 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.995558977 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.995635033 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.995706081 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.996341944 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.996409893 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.996464968 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.997091055 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.997186899 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.997235060 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.997914076 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.997951984 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.998007059 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.998881102 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.999016047 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:45.999111891 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:45.999778986 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.000011921 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.000727892 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.000916004 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.000958920 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.001038074 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.001863956 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.001925945 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.001970053 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.002657890 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.002790928 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.002835989 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.003786087 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.003885984 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.004070997 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.004570961 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.004703045 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.004787922 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.005592108 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.005729914 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.005779982 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.006644011 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.006755114 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.006822109 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.007467031 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.007735014 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.007781029 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.008413076 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.008507967 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.008831024 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.009418011 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.009520054 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.009568930 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.010324955 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.010420084 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.010505915 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.011231899 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.011279106 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.011332989 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.012248039 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.012362003 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.012404919 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.013191938 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.013242960 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.013298988 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.014281034 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.014369011 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.014439106 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.015089035 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.015224934 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.015268087 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.016014099 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.016129017 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.016185999 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.016963005 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.017122030 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.017378092 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.017921925 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.017975092 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.018018961 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.018918991 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.019041061 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.019089937 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.019958019 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.020037889 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.020078897 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.020876884 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.020941019 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.021049976 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.021712065 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.021843910 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.021891117 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.022670984 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.022820950 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.022877932 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.023614883 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.023778915 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.023824930 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.024595976 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.024693012 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.024746895 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.025528908 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.025650978 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.025726080 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.026523113 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.026849985 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.026926994 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.027535915 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.027654886 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.027889967 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.028423071 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.028579950 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.028656960 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.029442072 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.029542923 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.029604912 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.030436039 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.030533075 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.030663967 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.031390905 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.031505108 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.031544924 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.032243013 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.032315969 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.032368898 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.033421993 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.033513069 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.033551931 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.034549952 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.034699917 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.034758091 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.035866976 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.079742908 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.177454948 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.177592993 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.177664995 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.177695990 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.177916050 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.177953959 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.178446054 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.178809881 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.178879023 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.178910017 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.179694891 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.179805994 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.179920912 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.180577993 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.180690050 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.181399107 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.181438923 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.181488991 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.182317019 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.182364941 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.182377100 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.182912111 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.183248997 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.183335066 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.184324026 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.184353113 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.184395075 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.185182095 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.185224056 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.185285091 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.185352087 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.186109066 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.186393976 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.186439037 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.187036991 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.187181950 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.187375069 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.188034058 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.188152075 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.188283920 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.188951969 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.189007044 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.189096928 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.189883947 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.190023899 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.190057993 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.190862894 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.190972090 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.191035032 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.191941023 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.191998959 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.192045927 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.192873955 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.193000078 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.193048954 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.193825006 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.193878889 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.193980932 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.194657087 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.194696903 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.194912910 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.580003023 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.580830097 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.581003904 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.581027985 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.581749916 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.581865072 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.581890106 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.582695961 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.582725048 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.582801104 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.582931042 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.583690882 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.583765030 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.583895922 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.584651947 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.584867001 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.586054087 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.586112976 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.586142063 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.586776972 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.586785078 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.586916924 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.587295055 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.587779999 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.587810040 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.587939978 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.588507891 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.588589907 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.589234114 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.589489937 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.589560986 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.589679956 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.590380907 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.590470076 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.590573072 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.591392040 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.591418982 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.591829062 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.592221022 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.592307091 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.592403889 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.593195915 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.593254089 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.594168901 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.594769955 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.595191002 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.595504045 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.595580101 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.595910072 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.596398115 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.596453905 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.596549034 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.597302914 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.597445965 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.598331928 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.598373890 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.598400116 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.599354029 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.599422932 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.599450111 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.599549055 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.600013971 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.600132942 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.600815058 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.600836992 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.600929022 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.600991964 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.601736069 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.601847887 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.601991892 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.602679014 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.602818012 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.602966070 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.603710890 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.603785038 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.603941917 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.604779005 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.604841948 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.605367899 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.605542898 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.605649948 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.605732918 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.606492996 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.606643915 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.607470989 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.607500076 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.607566118 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.608508110 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.608536005 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.608581066 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.609034061 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.609580994 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.609694958 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.610474110 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.610596895 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.610698938 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.610753059 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.611799955 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.657836914 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.753452063 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.753506899 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.753602028 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.753822088 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.753897905 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.753954887 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.754765034 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.754867077 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.755738020 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.755769968 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.755846024 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.756557941 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.756772995 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.756886005 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.756983995 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.757561922 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.757711887 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.757882118 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.758582115 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.758656025 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.758738041 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.759470940 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.759640932 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.760052919 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.760443926 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.760581970 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.760670900 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.761393070 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.761534929 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.761683941 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.762310028 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.762422085 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.762566090 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.763324976 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.763387918 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.763576031 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.764403105 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.764445066 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.765214920 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.765266895 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.765305042 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.765701056 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.766352892 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.766403913 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.766571999 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.767297029 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.767369032 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.767769098 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.768027067 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.768222094 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.768553019 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.769015074 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.769135952 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.769256115 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.770006895 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.770154953 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.770924091 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.770947933 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.771087885 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.771806002 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.771889925 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.771990061 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.772284031 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.772839069 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.772886992 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.773835897 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.773854971 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.773947001 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.774189949 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.774713993 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.774827003 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.774961948 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.775652885 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.775804996 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.775854111 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.776700974 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.776806116 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.777683973 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.777735949 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.777760983 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.778548956 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.778657913 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.778671980 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.778764963 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.779522896 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.779627085 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.779753923 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.780749083 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.780869007 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.781277895 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.781718016 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.781800032 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.781964064 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.782541990 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.782588959 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.783006907 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.783324003 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.783411026 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.783461094 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.784338951 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.784399033 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.784512043 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.785248041 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.785320997 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.785756111 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.786209106 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.786294937 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.786561966 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.787122011 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.787209034 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.788747072 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.788825989 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.788852930 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.789436102 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.789613962 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.789673090 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.789812088 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.790687084 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.790838003 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.790884972 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.791696072 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.791901112 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.792351007 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.792516947 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.792557001 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.793256044 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.793337107 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.793392897 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.793495893 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.794302940 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.794559956 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.794631958 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.795129061 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.795238972 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.795653105 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.795984030 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.796273947 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.796350002 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.796822071 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.796926975 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.797092915 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.797817945 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.797914028 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.798053026 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.798619032 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.798715115 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.798911095 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:46.799561024 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:46.799844027 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.350797892 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.350806952 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.350816011 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.350827932 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.350842953 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.350852013 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.350863934 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.350873947 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.350887060 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.350934982 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.351068020 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351078033 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351089001 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351100922 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.351109028 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351119041 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351130009 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351139069 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.351147890 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351161003 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351167917 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.351176977 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.351198912 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351211071 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351224899 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351233959 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.351243973 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351253986 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351264000 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.351284027 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351294994 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351306915 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351320028 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.351326942 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.351336002 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351346970 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351356983 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351368904 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351378918 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.351388931 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.351397038 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351408958 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351418972 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351428032 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.351438999 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.351448059 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.351458073 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.353343964 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.359361887 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.365178108 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.372376919 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.372966051 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.417072058 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.417092085 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.417154074 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.420952082 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.452624083 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.453119993 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.457653046 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.457668066 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.457679987 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.457691908 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.457735062 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.457801104 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.458878040 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.459047079 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.459053993 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.459105968 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.459120035 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.460071087 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.460113049 CET497447575192.168.2.7104.37.175.221
                                            Dec 4, 2024 17:24:47.585359097 CET757549744104.37.175.221192.168.2.7
                                            Dec 4, 2024 17:24:47.585454941 CET757549744104.37.175.221192.168.2.7


                                            Target ID:0
                                            Start time:11:24:18
                                            Start date:04/12/2024
                                            Path:C:\Users\user\Desktop\1CSDmJh1zN.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\1CSDmJh1zN.exe"
                                            Imagebase:0x400000
                                            File size:2'764'800 bytes
                                            MD5 hash:9921EAF4B2C06A77DE92D1F439922C77
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:low
                                            Has exited:true

                                            Target ID:3
                                            Start time:11:24:36
                                            Start date:04/12/2024
                                            Path:C:\Users\user\Desktop\1CSDmJh1zN.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\1CSDmJh1zN.exe"
                                            Imagebase:0x400000
                                            File size:2'764'800 bytes
                                            MD5 hash:9921EAF4B2C06A77DE92D1F439922C77
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000003.00000003.1525258981.0000000000A20000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000003.1528260985.00000000030F0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000003.1528086431.0000000002ED0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000003.00000002.1541082442.0000000000BB0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            Target ID:4
                                            Start time:11:24:37
                                            Start date:04/12/2024
                                            Path:C:\Windows\SysWOW64\svchost.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Windows\System32\svchost.exe"
                                            Imagebase:0x9f0000
                                            File size:46'504 bytes
                                            MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1529007847.00000000009C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000002.1627090269.0000000003080000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000003.1540457438.00000000051A0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000003.1540087653.0000000004F80000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:high
                                            Has exited:true

                                            Target ID:7
                                            Start time:11:24:37
                                            Start date:04/12/2024
                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                            Wow64 process (32bit):true
                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 436
                                            Imagebase:0x8e0000
                                            File size:483'680 bytes
                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            Target ID:8
                                            Start time:11:24:47
                                            Start date:04/12/2024
                                            Path:C:\Windows\System32\fontdrvhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Windows\System32\fontdrvhost.exe"
                                            Imagebase:0x7ff6080a0000
                                            File size:827'408 bytes
                                            MD5 hash:BBCB897697B3442657C7D6E3EDDBD25F
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:moderate
                                            Has exited:true

                                            Target ID:10
                                            Start time:11:24:50
                                            Start date:04/12/2024
                                            Path:C:\Windows\System32\WerFault.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\WerFault.exe -u -p 2980 -s 4
                                            Imagebase:0x7ff686890000
                                            File size:570'736 bytes
                                            MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true


                                              Execution Graph

                                              Execution Coverage:0%
                                              Dynamic/Decrypted Code Coverage:0%
                                              Signature Coverage:7.8%
                                              Total number of Nodes:51
                                              Total number of Limit Nodes:0

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 0 44a710-44a719 2 44a729 0->2 3 44a71b-44a727 0->3 4 44a73a-44a748 ExitProcess 2->4 3->4
                                              APIs
                                              • ExitProcess.KERNEL32(00000000), ref: 0044A748
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: ExitProcess
                                              • String ID:
                                              • API String ID: 621844428-399585960
                                              • Opcode ID: 293620465462d170643fb551289f4f82b8ddd7fd95f4a21ffe41ffa866c1d984
                                              • Instruction ID: 4153d7d145e48ef0bfada68ad49838f97c765877aadb4e058581a2a78d09dbec
                                              • Opcode Fuzzy Hash: 293620465462d170643fb551289f4f82b8ddd7fd95f4a21ffe41ffa866c1d984
                                              • Instruction Fuzzy Hash: E7E04F75E4A25CCEEB30CA56EC017B8B775EB94316F0040EBD54D96241C6344D958F56

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 5 44a6e0-44a6fa 6 44a6fc-44a706 5->6 7 44a708 5->7 8 44a712-44a719 6->8 7->8 9 44a729 8->9 10 44a71b-44a727 8->10 11 44a73a-44a748 ExitProcess 9->11 10->11
                                              APIs
                                              • ExitProcess.KERNEL32(00000000), ref: 0044A748
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: ExitProcess
                                              • String ID:
                                              • API String ID: 621844428-0
                                              • Opcode ID: 301b0aacc8fca0e78445999e19763b72f532b71fd961c991c7f3581a4234fff3
                                              • Instruction ID: 1ceb8dd2f8bb3b7ec6cf47d3eabd97270618131fd29c238ba72ea5f4f3f95bef
                                              • Opcode Fuzzy Hash: 301b0aacc8fca0e78445999e19763b72f532b71fd961c991c7f3581a4234fff3
                                              • Instruction Fuzzy Hash: 79F01C7494622DCEEF308F61C8457ACB7B0BB04315F1082EAC46D67780C3348E829F86

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 12 4dc300-4dc310 GetCommandLineA call 42c310
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CommandLine
                                              • String ID:
                                              • API String ID: 3253501508-0
                                              • Opcode ID: 04003b1c6e78a75645abe312a21659dec6fb72e0dd25253600e7555adc4d96f0
                                              • Instruction ID: 324ae4de550c7ee1837b525cc46cc1c53208b04041f71095fcaff5b360da8b69
                                              • Opcode Fuzzy Hash: 04003b1c6e78a75645abe312a21659dec6fb72e0dd25253600e7555adc4d96f0
                                              • Instruction Fuzzy Hash: 51B012788003A00E83717B3834455CE7FF50C1D2E43844A58FCC1A3315D61488975AFA

                                              Control-flow Graph

                                              [Graph image not preserved; first block 4d7960-4d796e. Named API calls on its edges: LoadLibraryA, GetProcAddress * 19.]
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: WSAAsyncGetHostByName$WSAAsyncSelect$WSACancelAsyncRequest$WSACleanup$WSAGetLastError$WSAStartup$WSOCK32.DLL$accept$bind$closesocket$connect$htonl$htons$inet_addr$listen$recv$recvfrom$send$sendto$socket
                                              • API String ID: 0-3677570488
                                              • Opcode ID: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                              • Instruction ID: 8c9ac86f1f98df4bb1f2f2f05f7a43d8bd4a8589446ea9a4d4fdb8b68f6288ad
                                              • Opcode Fuzzy Hash: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                              • Instruction Fuzzy Hash: 5031DE71D523646AD7206BB9EC19DEF3EACFBB6704B510517F000972A0EAF88458AF94

                                              Control-flow Graph

                                              [Graph image not preserved; first block 4d9ab0-4d9ab7. The named API calls on its edges are the ones listed under APIs.]
                                              APIs
                                              • GlobalAlloc.KERNEL32(00002002,00000002), ref: 004D9B06
                                              • GlobalLock.KERNEL32(00000000), ref: 004D9B17
                                              • GlobalUnlock.KERNEL32(00000000), ref: 004D9B28
                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,00000000,00000000), ref: 004D9B51
                                              • GlobalAlloc.KERNEL32(00002002,00000001), ref: 004D9B61
                                              • GlobalLock.KERNEL32(00000000), ref: 004D9B70
                                              • GlobalUnlock.KERNEL32(00000000), ref: 004D9B81
                                              • GlobalAlloc.KERNEL32(00002002,00000003,?,?,?,00000000,0040D599,00000000,00000000), ref: 004D9BB8
                                              • GlobalLock.KERNEL32(00000000), ref: 004D9BC5
                                              • GlobalUnlock.KERNEL32(00000000), ref: 004D9BDB
                                              • OpenClipboard.USER32(00000000), ref: 004D9BEB
                                              • EmptyClipboard.USER32 ref: 004D9BF5
                                              • SetClipboardData.USER32(0000000D,00000000), ref: 004D9C08
                                              • SetClipboardData.USER32(00000001,00000000), ref: 004D9C11
                                              • CloseClipboard.USER32 ref: 004D9C13
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: Global$Clipboard$AllocLockUnlock$Data$ByteCharCloseEmptyMultiOpenWide
                                              • String ID:
                                              • API String ID: 3392129136-0
                                              • Opcode ID: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                              • Instruction ID: e40826f6a6b6de4095afa5ba746f594757548e465f4129e7c784a6b23cc7d310
                                              • Opcode Fuzzy Hash: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                              • Instruction Fuzzy Hash: 7A41F371104302ABE3111B61BC99B277BFCAFA1B04F09041BF986D7341DA69EC09D7BA

                                              Control-flow Graph

                                              [Graph image not preserved; first block 416621-416631. Its edges carry only calls to internal routines, no named APIs.]
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: COMM$TALB$TCON$TIT2$TPE1$TRCK$TYER$album$artist$comment$genre$songname$track$year
                                              • API String ID: 0-590896439
                                              • Opcode ID: 58e90cd763c27353f5f737474b6cde04d51412e2af52a5f89d8bdd9097ff8991
                                              • Instruction ID: 644f6fcce6cd6c0cf36f8c2a49984ad5006fbd26ddfeab9ab515d91a446fbcca
                                              • Opcode Fuzzy Hash: 58e90cd763c27353f5f737474b6cde04d51412e2af52a5f89d8bdd9097ff8991
                                              • Instruction Fuzzy Hash: 36D1F471204240ABDB14EA55C892BBB77E9AF84304F05482EF64587382EF7DDC49C7AA
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: _level$gfff$gfff$landscape$paperHeight$portrait$printAsBitmap$xMax$xMin$yMax$yMin
                                              • API String ID: 0-188115620
                                              • Opcode ID: dea08f720592daa481637ef8359b17615b2d3d0a0cce9d10a90a14ebba861c01
                                              • Instruction ID: 70ff334641663e0afb433915ac50cfd4971647fdd0d0ab24e810831b83e0dab3
                                              • Opcode Fuzzy Hash: dea08f720592daa481637ef8359b17615b2d3d0a0cce9d10a90a14ebba861c01
                                              • Instruction Fuzzy Hash: 7C6290706047019FC714DF29D491AABB7E1FF88344F14896EF58A8B791DB38E884CB99
                                              APIs
                                              • OpenClipboard.USER32(00000000), ref: 004D9C27
                                              • GetClipboardData.USER32(00000001), ref: 004D9C3A
                                              • GetClipboardData.USER32(0000000D), ref: 004D9C42
                                              • GetClipboardData.USER32(00000000), ref: 004D9C4B
                                              • CloseClipboard.USER32 ref: 004D9C56
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: Clipboard$Data$CloseOpen
                                              • String ID:
                                              • API String ID: 464010812-0
                                              • Opcode ID: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                              • Instruction ID: 2f18cbc0f6c8a3dbd26954e8439ab7c802a903eab365c315afdcc22c9d276e9e
                                              • Opcode Fuzzy Hash: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                              • Instruction Fuzzy Hash: 41E09AB230022517EB9026BA6C4CF97A2EC9F54F90F050123F604C6340E6A6CC0457B1
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $K$gfff$gfff$gfff
                                              • API String ID: 0-1048959944
                                              • Opcode ID: d12f4ee0db7e837eeaddada9b02ab57d1ed414e4daef55ec7281e1621cc72c7d
                                              • Instruction ID: 9d2a5138eda07fb78ed16dc27847904d5eff4784a57d1f73a6c8b6feaa4118fd
                                              • Opcode Fuzzy Hash: d12f4ee0db7e837eeaddada9b02ab57d1ed414e4daef55ec7281e1621cc72c7d
                                              • Instruction Fuzzy Hash: 91426DB06083558FC728CF19D590A6BBBE5BFC8304F44895EF88A8B352D738D945CB96
                                              APIs
                                              • GetCurrentThreadId.KERNEL32 ref: 004C9674
                                              • GetKeyboardLayout.USER32(00000000), ref: 004C967B
                                              • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,?,?,004D9D12,?,000000FF), ref: 004C9693
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CurrentInfoKeyboardLayoutLocaleThread
                                              • String ID:
                                              • API String ID: 4094687451-0
                                              • Opcode ID: 1ddd6823bd2bc3ee9e8a39c3bbd18c243f80e9d84aa9d73e1ce1e55aef709746
                                              • Instruction ID: c18c3e67b2d418a81a9ed34cd04b46ff7c576915d0efad72319c368f8fc6f991
                                              • Opcode Fuzzy Hash: 1ddd6823bd2bc3ee9e8a39c3bbd18c243f80e9d84aa9d73e1ce1e55aef709746
                                              • Instruction Fuzzy Hash: A9E0E57A6003107BD601EB68BC09FAB77F8AB54B01F408419FA44C2280E338D90897FB
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID: $
                                              • API String ID: 0-227171996
                                              • Opcode ID: 395a1bfc07a86bc1b17be198384b933d6e74c24733d271f90db895820ae6568e
                                              • Instruction ID: e3b698b264220c6a4a7ff30e5bd10faba35ce6b07e42392d760f651db3adf898
                                              • Opcode Fuzzy Hash: 395a1bfc07a86bc1b17be198384b933d6e74c24733d271f90db895820ae6568e
                                              • Instruction Fuzzy Hash: E46249716183419FC364CF29C980A6BB7E5FFC8304F148A2EE59997391D738E905CB9A
                                              APIs
                                              • GetSystemTime.KERNEL32(?,?,004CE646,?,0041E572), ref: 004CE5B7
                                              • GetTimeZoneInformation.KERNEL32(00563D90,?,?,004CE646,?,0041E572), ref: 004CE607
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Time$InformationSystemZone
                                              • String ID:
                                              • API String ID: 702727434-0
                                              • Opcode ID: f738a3c553d765e04b5bec4b324b6c4fee79bb83ad17f4052d4625c48ac5b856
                                              • Instruction ID: 027c201d87c87fe04e998a3dacbc9da3b97e28b55a26ca5f2fa1b84a2cf7f3f2
                                              • Opcode Fuzzy Hash: f738a3c553d765e04b5bec4b324b6c4fee79bb83ad17f4052d4625c48ac5b856
                                              • Instruction Fuzzy Hash: E9011D78608201DBC310BF09E85556BB7F9FB78B10FC0850AE48583321E3F68D88DB29
                                              APIs
                                              • GetProcessHeap.KERNEL32(00000000,?,00528C3A,-00000003), ref: 0052B447
                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004012F9), ref: 0052B44E
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Heap$AllocProcess
                                              • String ID:
                                              • API String ID: 1617791916-0
                                              • Opcode ID: 59176d969d8d5ab64b55edfac97e4b95670c40f205a4eeb4c3389c15a55de6de
                                              • Instruction ID: 2d67d1c8230b34df0e9697497b7d0e8b3de7afbebdcce056a4f33b586f436b97
                                              • Opcode Fuzzy Hash: 59176d969d8d5ab64b55edfac97e4b95670c40f205a4eeb4c3389c15a55de6de
                                              • Instruction Fuzzy Hash: 61B092B9604200ABDE009BA0AE0CB1BB678AB54702F000400B619C1160C630C804EB31
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID: R
                                              • API String ID: 0-1968290334
                                              • Opcode ID: 8546aa269060c6db0e10336a880f1cd0ec7275522bd7a3a93064d1100faa0acd
                                              • Instruction ID: ce0d7d11e4424d034f190161494b7aac1bec0c29b2276794a3ebc18ef3406d1c
                                              • Opcode Fuzzy Hash: 8546aa269060c6db0e10336a880f1cd0ec7275522bd7a3a93064d1100faa0acd
                                              • Instruction Fuzzy Hash: 84C1D1B2E041689AFB208A14DC84BFBB775FF95310F1480FAD84DA7641D6791EC28F66
                                              APIs
                                              • CoCreateInstance.OLE32(00549E88,00000000,00000001,0054A654,?,?,?,004FB325,?,?,00000000,7772E820), ref: 004F9365
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CreateInstance
                                              • String ID:
                                              • API String ID: 542301482-0
                                              • Opcode ID: 32cc378c3d08419dc9c729465278953167982d40ee5e1f975ead0e7be58d7922
                                              • Instruction ID: d33697237a28c181885f9fc6147cb760b8f27fbda8fa23562785bbd0682874fe
                                              • Opcode Fuzzy Hash: 32cc378c3d08419dc9c729465278953167982d40ee5e1f975ead0e7be58d7922
                                              • Instruction Fuzzy Hash: E8F0823270111167D7288A2EEC45BE7B7D9AFD8710B05412ABD04D7280D7A0EC418594
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Version
                                              • String ID:
                                              • API String ID: 1889659487-0
                                              • Opcode ID: ee60f9e95fcef11a94c07e1fc1ede8b3207cc5aa390eaa880cb51700aab72f76
                                              • Instruction ID: 055774edfa36a1cc0f2afeca4167b9a8919af704cd7fbd49c209ae17ea6089f8
                                              • Opcode Fuzzy Hash: ee60f9e95fcef11a94c07e1fc1ede8b3207cc5aa390eaa880cb51700aab72f76
                                              • Instruction Fuzzy Hash: D3E0C22C0042804EE7608F38A90AB593BB1AB65244F8804DCD4E443213D3B9021FE766
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: dc5a42f13e7841349ae14dd0d814db7469e84fc1a093c776fc8443455eaf0811
                                              • Instruction ID: 01d32cbd04fd490b405bbb3076ca95c53af9ac6c7c72bf4527c2ddcebbd18577
                                              • Opcode Fuzzy Hash: dc5a42f13e7841349ae14dd0d814db7469e84fc1a093c776fc8443455eaf0811
                                              • Instruction Fuzzy Hash: D58269703083119FD714DF29E580B6BB7E5BB98708F84895EE8898B341D738EC56CB5A

                                              Control-flow Graph

                                              APIs
                                              • EnterCriticalSection.KERNEL32 ref: 004F4A89
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4AFB
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4BF2
                                              • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F4CEA
                                              • LeaveCriticalSection.KERNEL32(?,?), ref: 004F4CFD
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4D17
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4D1A
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4D36
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4D5D
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4D66
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4D81
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4D87
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4DB6
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4DC0
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4E05
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4E11
                                              • LeaveCriticalSection.KERNEL32(?,00000000), ref: 004F4E7D
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4E9C
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4EB3
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4ED9
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4EF4
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4F06
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter
                                              • String ID: NetStream.Play.Start$NetStream.Play.Stop$NetStream.Play.StreamNotFound$NetStream.Seek.InvalidTime$NetStream.Seek.Notify$error$status
                                              • API String ID: 2978645861-761530088
                                              • Opcode ID: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                              • Instruction ID: 162dc2aece2cb8deeda7270d3cf99ca9d96a23cce06d37320eaaf024755f17c1
                                              • Opcode Fuzzy Hash: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                              • Instruction Fuzzy Hash: C7E190352047459FD320DB34C845BABBBE1BF89714F04895DE9AA57382CB74F80ACB65

                                              Control-flow Graph

                                              APIs
                                              • DestroyWindow.USER32(?,?,?,?,?), ref: 004D5D5F
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: DestroyWindow
                                              • String ID: D$FSCommand:$\fscommand$allowscale$exec$fullscreen$quit$showmenu$trapallkeys
                                              • API String ID: 3375834691-1928458085
                                              • Opcode ID: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                              • Instruction ID: 7647b0b3e504c4bbb0374484e0d8b702cf2a7569de5a553b4a60fd35f403e9ef
                                              • Opcode Fuzzy Hash: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                              • Instruction Fuzzy Hash: 27914C35504B015BCB24EF28EC617FBB791AFA6309F44451FE8888B341DB2A990BC7D9

                                              Control-flow Graph

                                              APIs
                                              • GetWindowLongA.USER32(?,000000F0), ref: 004DB511
                                              • GetWindowRect.USER32(?,?), ref: 004DB531
                                              • GetClientRect.USER32(?,?), ref: 004DB541
                                              • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB55D
                                              • GetMenu.USER32(?), ref: 004DB581
                                              • SetMenu.USER32(?,00000000), ref: 004DB596
                                              • GetDesktopWindow.USER32 ref: 004DB5B0
                                              • GetWindowRect.USER32(00000000,?), ref: 004DB5BC
                                              • SetWindowPos.USER32(?,00000000,?,?,?,?,00000000,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB5E1
                                              • GetWindowLongA.USER32(?,000000F0), ref: 004DB604
                                              • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB62A
                                              • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB66D
                                              • GetWindowRect.USER32(?,?), ref: 004DB6A5
                                              • GetClientRect.USER32(?,?), ref: 004DB6B7
                                              • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB702
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Window$Rect$Long$ClientMenuMove$Desktop
                                              • String ID:
                                              • API String ID: 3087884050-0
                                              • Opcode ID: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                              • Instruction ID: afb7dc4107877f96dc9ff69242aee4b267e14dc018c2a581ac30f1de2d6509eb
                                              • Opcode Fuzzy Hash: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                              • Instruction Fuzzy Hash: 1C61F7756047009FE714CF79D888FA7B7E9EB98314F108A1EE5AA83344DE74B8088B65

                                              Control-flow Graph

                                              APIs
                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFE8F
                                              • RegQueryValueExW.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFEC1
                                              • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFF52
                                              • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFF84
                                              • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFFF3
                                              • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004D0021
                                              • RegCloseKey.ADVAPI32(00000000), ref: 004D0043
                                                • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: OpenQueryValue$CloseVersion
                                              • String ID: AppData$AppData$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                              • API String ID: 3944000476-502054578
                                              • Opcode ID: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                              • Instruction ID: f72081d33d1e3e5e856db847e9c33e0e25e3821136d69a0383b26c3c547fa845
                                              • Opcode Fuzzy Hash: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                              • Instruction Fuzzy Hash: 0151B2715087017BC725DB50EC95FAB73E8AF88754F00891EF98553381EAB9D80AC7AA

                                              Control-flow Graph

                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F606E
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F608D
                                              • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6111
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F611B
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F612B
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6135
                                                • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                              • EnterCriticalSection.KERNEL32(?,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F61D1
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6212
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F621C
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6244
                                              • EnterCriticalSection.KERNEL32(?,00000001,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6268
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62A9
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62B3
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62DB
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                              • Instruction ID: 143f1fb28292c6c8f5848ec82d72cb0c1768edffe3cb57bca7300ec5568bca4f
                                              • Opcode Fuzzy Hash: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                              • Instruction Fuzzy Hash: 2AA1113020430E8BC725DF349854BBBBBB9AF94304F15056EFA5687382DB79E809CB65
                                              APIs
                                              • StartDocA.GDI32(?,00000000), ref: 004D7F29
                                              • GetDeviceCaps.GDI32(?,00000008), ref: 004D7F47
                                              • GetDeviceCaps.GDI32(?,0000000A), ref: 004D7F55
                                              • LPtoDP.GDI32(00000000,00000002), ref: 004D7F83
                                              • GetDeviceCaps.GDI32(00000000,0000006E), ref: 004D7FA0
                                              • GetDeviceCaps.GDI32(00000000,0000006F), ref: 004D7FAE
                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 004D7FBC
                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004D7FD2
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CapsDevice$Start
                                              • String ID: portrait
                                              • API String ID: 1738886688-2504013051
                                              • Opcode ID: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                              • Instruction ID: 78bfa520cedcb1c13f518f393ea8421dc938ea51f70754ce75912898c89e0c82
                                              • Opcode Fuzzy Hash: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                              • Instruction Fuzzy Hash: 7641DFB0604B109FC324DF2AD980A1AFBF5BF98710F108A1EE58A877A1D771E845CF91
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,00000000,?,00000000,00000000,?,004AC0BD,?,?), ref: 004F705A
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F7081
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F709A
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F70A3
                                              • timeGetTime.WINMM(00000000,00000000,00000000,00000000,?), ref: 004F7390
                                              • LeaveCriticalSection.KERNEL32(?,?), ref: 004F73D5
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter$Timetime
                                              • String ID:
                                              • API String ID: 4022644143-0
                                              • Opcode ID: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                              • Instruction ID: 3d57daaa4b40982c2e4bbac1192c2a7fdd3e5fb289d79a2cbb097eeb1d58369f
                                              • Opcode Fuzzy Hash: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                              • Instruction Fuzzy Hash: 60A12B303083495BC7259F398890BBBBBE59F85700F04456EFA9AC7392DB6CE905D768
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,00000000,004F7352,?), ref: 004F2A19
                                              • timeGetTime.WINMM ref: 004F2A25
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F2A39
                                              • timeGetTime.WINMM(?), ref: 004F2A46
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F2AD7
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CriticalSection$LeaveTimetime$Enter
                                              • String ID: NetStream.Buffer.Empty$NetStream.Buffer.Full$status
                                              • API String ID: 2943255653-4242577526
                                              • Opcode ID: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                              • Instruction ID: adfbc573f46a5ae42de3eb127535f59d6c3a8125dfae6686c248f3bcdabba04f
                                              • Opcode Fuzzy Hash: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                              • Instruction Fuzzy Hash: 33217471740705ABD7308F14DD86B6BB7A4FB50B21F24462BF267966D0C7B4B8408754
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B64,00000002), ref: 004F3ED0
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F3EDE
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F3F20
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter
                                              • String ID:
                                              • API String ID: 2978645861-0
                                              • Opcode ID: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                              • Instruction ID: 85195bc957575009e4a7604c5a43e45099f91f30af12cfc7e5b33174ac27f883
                                              • Opcode Fuzzy Hash: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                              • Instruction Fuzzy Hash: BF81C0316047494FC724DF39989057BB7F1AF853117148A2FE6A787B81DB38E805CB68
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?), ref: 00401181
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004011B1
                                              • timeGetTime.WINMM ref: 004011C5
                                              • timeGetTime.WINMM ref: 004011D5
                                              • EnterCriticalSection.KERNEL32(?), ref: 004011E3
                                              • LeaveCriticalSection.KERNEL32(?), ref: 0040122A
                                              • timeGetTime.WINMM ref: 0040123E
                                              • EnterCriticalSection.KERNEL32(?), ref: 00401261
                                              • LeaveCriticalSection.KERNEL32(?), ref: 0040129E
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CriticalSection$EnterLeaveTimetime
                                              • String ID:
                                              • API String ID: 3486229058-0
                                              • Opcode ID: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                              • Instruction ID: b4a63a4f06c8fcffd2d454e61e85ed039b73bf68413dd997414ba6e559c29426
                                              • Opcode Fuzzy Hash: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                              • Instruction Fuzzy Hash: 6641D6357003148FCB309F60E80466BB7F4AF6575470486AEE896BB3E1DB38EC459AA5
                                              APIs
                                              • InterlockedExchange.KERNEL32(00000020,00000000), ref: 00411B68
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: ExchangeInterlocked
                                              • String ID: GET$_bytesLoaded$_bytesTotal$_customHeaders$contentType$loaded
                                              • API String ID: 367298776-2876428247
                                              • Opcode ID: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                              • Instruction ID: 337a073203a489cf9af6a636d5e82807fd5ac3b12a53b57697a6972a4ae57270
                                              • Opcode Fuzzy Hash: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                              • Instruction Fuzzy Hash: F6D126706047056BC714EF65D842AABB7E5BF88304F404A2EFA4687392EB38F945C799
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,004F5BA3,00000000), ref: 004F34EA
                                              • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3537
                                              • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3545
                                              • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3556
                                              • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F355F
                                              • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3594
                                              • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F359D
                                              • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36AD
                                              • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36BB
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CriticalSection$Enter$Leave
                                              • String ID:
                                              • API String ID: 2801635615-0
                                              • Opcode ID: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                              • Instruction ID: 93c01fc31a9ee7373f9c1d93048bf40271cec5808ab28bfcb2eca2428eaae834
                                              • Opcode Fuzzy Hash: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                              • Instruction Fuzzy Hash: 1F51BE3020474A9BD7249F319558BBBBBF8AF84742F04485EE5DEC3361DB28EA08C724
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,?), ref: 004F3709
                                              • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F374C
                                              • LeaveCriticalSection.KERNEL32(?,?), ref: 004F375C
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F376D
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F377A
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F37A9
                                              • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F37C5
                                              • LeaveCriticalSection.KERNEL32(?,?), ref: 004F37D5
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F37EC
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter
                                              • String ID:
                                              • API String ID: 2978645861-0
                                              • Opcode ID: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                              • Instruction ID: 1822ab8b2bc00c4b335a7296647f06df4fe24da2c1cedc303b1505dbbb5a7089
                                              • Opcode Fuzzy Hash: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                              • Instruction Fuzzy Hash: 2831D1B11087894BC610AF35A9807EBFBF8BF89714F04499DE5E953251C734AA1DC726
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: gethostbynamehtonlhtonsinet_addr
                                              • String ID: localhost
                                              • API String ID: 4009071410-2663516195
                                              • Opcode ID: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                              • Instruction ID: cf482c115b2fa46a5b5609c5aae3d134ea41c2cdeafd480f3feffcf81808ee73
                                              • Opcode Fuzzy Hash: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                              • Instruction Fuzzy Hash: 9131ED30208311ABDB20DF249C85BBBB7E5FF95710F004A1EF9559B381E7719948C7A6
                                              APIs
                                              • timeGetTime.WINMM(00000000), ref: 004145E1
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: Timetime
                                              • String ID: gfff$gfff$gfff$gfff
                                              • API String ID: 17336451-2178600047
                                              • Opcode ID: a6eb4a1a4bf024f16c397edd5e841aed2049ab2de515439dd25e44f6491a1c28
                                              • Instruction ID: e32ce3efbecf0e845fb5c017bd6949167df468d5a0ad1b28c98723774e94ba96
                                              • Opcode Fuzzy Hash: a6eb4a1a4bf024f16c397edd5e841aed2049ab2de515439dd25e44f6491a1c28
                                              • Instruction Fuzzy Hash: 79C17E313046059BD718DF15C494BEA77A6BFC8704F18856EE8498F382CB79ED42CB9A
                                              APIs
                                              • timeKillEvent.WINMM(?), ref: 004D8B13
                                              • Sleep.KERNEL32(00000001,?,0041D4A9), ref: 004D8B2D
                                              • waveOutReset.WINMM(?,?,0041D4A9), ref: 004D8B34
                                              • waveOutUnprepareHeader.WINMM(?,-000013C4,00000020,?,?,0041D4A9), ref: 004D8B5A
                                              • Sleep.KERNEL32(00000001,?,?,0041D4A9), ref: 004D8B63
                                              • waveOutClose.WINMM(?,?,0041D4A9), ref: 004D8B86
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: wave$Sleep$CloseEventHeaderKillResetUnpreparetime
                                              • String ID:
                                              • API String ID: 3030913982-0
                                              • Opcode ID: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                              • Instruction ID: 723e303dfaa0e6e3e16fcc3d7d301ea8209cd941138754b25ec6b12d62c8e06b
                                              • Opcode Fuzzy Hash: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                              • Instruction Fuzzy Hash: 0401ADB5A00214ABC3149F14EC88AAEB7F8FB98B11F00091BF41497301CB79A9598BF5
                                              APIs
                                              • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000,?,?,?,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF94E
                                              • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,-00000001,00000000,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF99D
                                              • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000), ref: 004CF9BF
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CreateFile
                                              • String ID: \\?\
                                              • API String ID: 823142352-4282027825
                                              • Opcode ID: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                              • Instruction ID: d900b4c61e2357813c95f9d4093febd61d3ae0210469f6574eac6d9984f09979
                                              • Opcode Fuzzy Hash: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                              • Instruction Fuzzy Hash: A141C2B5904300BBEB50EB21DC86F1B77A9EB89348F24092EF54597381D63DDC48C7A6
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,00000000,?,?,004DDFDB,000000FF,00000001,004DE7BA), ref: 004DD6FC
                                              • EnterCriticalSection.KERNEL32(?), ref: 004DD71E
                                                • Part of subcall function 004FA760: EnterCriticalSection.KERNEL32(?,?,00000000,7772E820,?,004DD732), ref: 004FA76A
                                                • Part of subcall function 004FA760: LeaveCriticalSection.KERNEL32(?), ref: 004FA77A
                                                • Part of subcall function 004DC9A0: EnterCriticalSection.KERNEL32 ref: 004DCA0C
                                                • Part of subcall function 004DC9A0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 004DCA1D
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004DD741
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004DD744
                                              • EnterCriticalSection.KERNEL32(?), ref: 004DD74C
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004DD771
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004DD774
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter
                                              • String ID:
                                              • API String ID: 2978645861-0
                                              • Opcode ID: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                              • Instruction ID: 32add75de912499d63db8df7e296ef1919b4cd71e3024a8d459c2c8f380e6b48
                                              • Opcode Fuzzy Hash: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                              • Instruction Fuzzy Hash: 59012975302A155FD324EB2ADC90B6BE3F9AF91354F00842FE546C3750CB64FC058AA9
                                              APIs
                                              • CreateWindowExA.USER32(00000000,STATIC,Dummy,80000000,00000000,00000000,00000005,00000005,00000000,00000000,00000000,00000000), ref: 004D866B
                                              • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 004D8683
                                              • SetWindowLongA.USER32(?,000000FC,004D8520), ref: 004D8690
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: Window$Long$Create
                                              • String ID: Dummy$STATIC
                                              • API String ID: 1733017098-132613206
                                              • Opcode ID: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                              • Instruction ID: 60c9263fdfddd51d1a46959990d996e43c4a0f9c9599785539e6d357df671051
                                              • Opcode Fuzzy Hash: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                              • Instruction Fuzzy Hash: 35F0303138471076E630A66ABC06F57B6EC9B59F31F21071AB319F76E0DAE0F8004A2C
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,00000010,?,00000000,00000000,004EF87C,?,?,004AC02B,?,?), ref: 004F5A80
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F5A8A
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F5B2E
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F5B3D
                                              • EnterCriticalSection.KERNEL32(?,00000002), ref: 004F5B78
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F5B8A
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                              • Instruction ID: 42192e3c7faa4449eaa7148df56c5331408008ed83f87a65c0d534a8c29348b8
                                              • Opcode Fuzzy Hash: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                              • Instruction Fuzzy Hash: EE41B634300B0D5BD7259F319894BBB77A9AF80704F08415EEB6A8B392DB18FC15D768
                                              APIs
                                              • timeGetTime.WINMM(?,?,?,?,?,?), ref: 004F274C
                                              • EnterCriticalSection.KERNEL32(?,00000000,?,?,?), ref: 004F277D
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 004F2787
                                              • timeGetTime.WINMM(?,?), ref: 004F2792
                                              • timeGetTime.WINMM(?,?,?,?,?), ref: 004F27C6
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: Timetime$CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 1404962471-0
                                              • Opcode ID: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                              • Instruction ID: 9d8894fa7cd5c1a3a8d1574b016894ebc4e8e1121a62fd2c9071eafdbb47ea2c
                                              • Opcode Fuzzy Hash: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                              • Instruction Fuzzy Hash: B531BC35208B049BC314DF25E9956ABB7F1FFC9720F148A2DE4EA83390DB34A419CB56
                                              APIs
                                              • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 00529421
                                              • Sleep.KERNEL32(00000000,?,08000041,?,?,00529592,?,?), ref: 00529431
                                              • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 0052943A
                                              • InterlockedExchange.KERNEL32(00000378,00000000), ref: 0052944F
                                              • __aulldiv.LIBCMT ref: 0052947B
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: ExchangeInterlocked$Compare$Sleep__aulldiv
                                              • String ID:
                                              • API String ID: 1430435781-0
                                              • Opcode ID: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                              • Instruction ID: c7c6432b147b16162d76303af8a74e071e756cb34c164aed74e4a8b1f06fd785
                                              • Opcode Fuzzy Hash: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                              • Instruction Fuzzy Hash: 9C215AB15007409FD7219F2A9844A67FEFCFFA1705F10851FA45A873A1D7B4A904CB64
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                              • Instruction ID: 3111dceef54b192a201187cebb12310cd19e01e5115420dd7c98ed3fae01612e
                                              • Opcode Fuzzy Hash: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                              • Instruction Fuzzy Hash: 2921A73520174A4BD710AF66E888BFFB7B8EB60305F00852FEB4643251C779A84ADB64
                                              APIs
                                              • CreateSolidBrush.GDI32(?), ref: 004D802E
                                              • SelectObject.GDI32(?,00000000), ref: 004D8044
                                              • FillRect.USER32(?,?,00000000), ref: 004D8067
                                              • SelectObject.GDI32(?,00000000), ref: 004D8075
                                              • DeleteObject.GDI32(00000000), ref: 004D8078
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: Object$Select$BrushCreateDeleteFillRectSolid
                                              • String ID:
                                              • API String ID: 3777265051-0
                                              • Opcode ID: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                              • Instruction ID: d8a686452ba02d7e488f009474b8275e6b936404318e954abf19810798465268
                                              • Opcode Fuzzy Hash: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                              • Instruction Fuzzy Hash: 76019A752042046FC304DB69ED88C6B7BF8EACD614B000A5DFA8983312E635E806DB71
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E468C
                                              • LeaveCriticalSection.KERNEL32(?,0041D485), ref: 004E46A2
                                              • DeleteCriticalSection.KERNEL32(?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D0
                                              • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D9
                                              • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46E6
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Delete$EnterLeave
                                              • String ID:
                                              • API String ID: 3104255891-0
                                              • Opcode ID: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                              • Instruction ID: c031ed0988ac34fb64eb35ca7992c3622ed3d26c78e5592643255ae209dbdd49
                                              • Opcode Fuzzy Hash: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                              • Instruction Fuzzy Hash: D101D4B750060C5BC2106B35EC81BAF73A8AFC4214F05051EF54F93241DA68B8088BA1
                                              APIs
                                              • GetFileAttributesExA.KERNEL32(?,00000000,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?), ref: 004CFE0F
                                                • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                              • GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852), ref: 004CFDAF
                                              • GetFileAttributesExA.KERNEL32(00000000,00000000,?,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?,00000000), ref: 004CFDED
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: AttributesFile$Version
                                              • String ID: \\?\
                                              • API String ID: 3849939888-4282027825
                                              • Opcode ID: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                              • Instruction ID: f991edffad243b4bd670aca913d189ed867c40d808b57564552852d0b3f79ee3
                                              • Opcode Fuzzy Hash: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                              • Instruction Fuzzy Hash: 6431277A90031067D710AA65AC42FEB73995F85704F54042FF90687352EB6D9C0EC2EA
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 004FA67B
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004FA749
                                                • Part of subcall function 004F9B30: EnterCriticalSection.KERNEL32(?,00000000,?,004FA7A6,?,?,7772FFB0), ref: 004F9B35
                                                • Part of subcall function 004F9B30: LeaveCriticalSection.KERNEL32(?), ref: 004F9B84
                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000100,00000000,00000000,?), ref: 004FA715
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave$ByteCharMultiWide
                                              • String ID: FriendlyName
                                              • API String ID: 904232820-3623505368
                                              • Opcode ID: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                              • Instruction ID: 4f25218f4a75fa1caa45750efdb6ff353ea89136e06b91a5ad3ed6f7a0914714
                                              • Opcode Fuzzy Hash: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                              • Instruction Fuzzy Hash: 9A212A75244301AFD220EB54DC49F5BB7F8BF88714F008A1DFA899B290D774F8098BA6
                                              APIs
                                              • CreateCompatibleDC.GDI32(00000000), ref: 004CADB4
                                              • CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 004CADC8
                                              • GetObjectA.GDI32(00000000,00000018,?), ref: 004CADD8
                                              • DeleteDC.GDI32(00000000), ref: 004CADFF
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: Create$CompatibleDeleteObjectSection
                                              • String ID:
                                              • API String ID: 3137390749-0
                                              • Opcode ID: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                              • Instruction ID: ec125f8efd539a004f5243cd975522e641b23088832de904e1665531ca55df12
                                              • Opcode Fuzzy Hash: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                              • Instruction Fuzzy Hash: 2981AFB56043458FC324CF29D484A67FBF1BF98314F148A6ED58A87712D334E989CBA6
                                              APIs
                                              • QueryPerformanceCounter.KERNEL32 ref: 0052AFF0
                                              • QueryPerformanceCounter.KERNEL32(?), ref: 0052B016
                                                • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C25F
                                                • Part of subcall function 0040C250: Sleep.KERNEL32(00000000,?,?,0052B390,?,004012F9,00000008), ref: 0040C272
                                                • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C279
                                              • InterlockedExchange.KERNEL32(?,00000000), ref: 0052B050
                                              • QueryPerformanceCounter.KERNEL32(?), ref: 0052B05B
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CounterExchangeInterlockedPerformanceQuery$Compare$Sleep
                                              • String ID:
                                              • API String ID: 188302963-0
                                              • Opcode ID: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                              • Instruction ID: 331ae7ec3883c6fb41667714d1c2397b805b788a0704fbfdebc2abdcd4384ec1
                                              • Opcode Fuzzy Hash: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                              • Instruction Fuzzy Hash: 19212A75604712ABC318DF65D884A9AF7E8BF89300F040A1DE85993780D734F918CBA2
                                              APIs
                                                • Part of subcall function 004E4850: waveInGetNumDevs.WINMM(defaultmicrophone,00000000,?,00000000,?,?,?,?,004E8459,?,?,?,?,?,?,?), ref: 004E489B
                                                • Part of subcall function 004E4C80: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C7E,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E4C8A
                                                • Part of subcall function 004E4C80: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E4CD7
                                                • Part of subcall function 004E3860: EnterCriticalSection.KERNEL32(?,00000000,?,004E5C91,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E3868
                                                • Part of subcall function 004E3860: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E388F
                                                • Part of subcall function 004E5B40: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C9B,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?), ref: 004E5B4C
                                                • Part of subcall function 004E5B40: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5B71
                                              • EnterCriticalSection.KERNEL32(00000004,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E5CA2
                                              • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5CB2
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave$Devswave
                                              • String ID: echosuppression$gain
                                              • API String ID: 967401230-1829011300
                                              • Opcode ID: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                              • Instruction ID: eec625d20ecc8ac728587d7ca18c0fda910ff7f544bd80cb39fcd025b5d808b6
                                              • Opcode Fuzzy Hash: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                              • Instruction Fuzzy Hash: 4C118E35700B449BC711EB67C9A1A2BB3B9BF8871AB15049EE5464B741CB24FC02CBA4
                                              APIs
                                                • Part of subcall function 0050B060: CreateEventA.KERNEL32(00000000,?,00000000,00000000,00000000,00509F02,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E), ref: 0050B06E
                                              • InitializeCriticalSection.KERNEL32(0000007C,00000001,00000001,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E,00549D98,?,?), ref: 00509F34
                                              • InitializeCriticalSection.KERNEL32(00000094,?,?,?,?,?,?,?,?,7772FFB0), ref: 00509F3D
                                              • InitializeCriticalSection.KERNEL32 ref: 00509F6E
                                              • SetEvent.KERNEL32 ref: 00509F74
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalInitializeSection$Event$Create
                                              • String ID:
                                              • API String ID: 662013055-0
                                              • Opcode ID: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                              • Instruction ID: a00b6d7b902e657a52a59b9571d5736a80dfe09fbfe7896e9036a1fe9281f1e6
                                              • Opcode Fuzzy Hash: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                              • Instruction Fuzzy Hash: 9B21C4B1540B049FE320DF6AD884A9BFBE8FF94704F00490EE1AA83661D7B1B405CB61
                                              APIs
                                              • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 004D2AB9
                                              • CreateCompatibleDC.GDI32(00000000), ref: 004D2B3D
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CompatibleCreateDirectorySystem
                                              • String ID: Macromed\Flash\
                                              • API String ID: 2606042488-1438515271
                                              • Opcode ID: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                              • Instruction ID: 299e9cb63676f09c6c690dce7675c16131e739682a5e940449f79e26451de6f9
                                              • Opcode Fuzzy Hash: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                              • Instruction Fuzzy Hash: 8F118A711047016FC704EF21EC52AAF77E4BF98704F40491EF19943281DB78A908CFAA
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B22,00000001,000000FF), ref: 004F2BFE
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F2C88
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F2CCE
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F2CF1
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter
                                              • String ID:
                                              • API String ID: 2978645861-0
                                              • Opcode ID: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                              • Instruction ID: d821757bbb06b5f881817bb4be3b83133dcd2ebdcf47b2e92145d0cebd45ebc1
                                              • Opcode Fuzzy Hash: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                              • Instruction Fuzzy Hash: D631D2762042854FD3248F29D898A3BBBF5EFD9351F19856EE696C7381C779D808C720
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,004F7247,?), ref: 004F64C1
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F64E6
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F64EC
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F6515
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                              • Instruction ID: c39e4b2d7a975ea5970b06f88a1f0ae82272a8bb6f48ad921d14b69448efe04b
                                              • Opcode Fuzzy Hash: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                              • Instruction Fuzzy Hash: FC0188352003485BC714EF24D880A77F3A9AF46258B19559DE5C657342CA39EC06CBA4
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?), ref: 0040139D
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004013B3
                                              • EnterCriticalSection.KERNEL32(00000005), ref: 004013CA
                                              • LeaveCriticalSection.KERNEL32(00000005), ref: 004013D8
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1555522864.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                              • Instruction ID: 1dc668918495c93d19b35d2f921703afc781594381be1afc9f76799b5a6aac2f
                                              • Opcode Fuzzy Hash: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                              • Instruction Fuzzy Hash: 280112B620070AAFC310CF69D884946FBF8FFA8314B10C55AE95983711C771F956CBA0
                                              APIs
                                              • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007A90C1
                                              • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007A926D
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.1528953144.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_770000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: Virtual$AllocFree
                                              • String ID:
                                              • API String ID: 2087232378-0
                                              • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                              • Instruction ID: 3da77de92bf0c33bc52e49a700e110508d5e24bdc964440293630acdd4b79e25
                                              • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                              • Instruction Fuzzy Hash: 9E719C71D0424ADFCB41CF98C881BEEBBF0BB4A314F244195E665F7281D238AA91DF65
                                              APIs
                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 007A9314
                                                • Part of subcall function 007A9098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007A90C1
                                                • Part of subcall function 007A9098: VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007A926D
                                              • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 007A9366
                                              • VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 007A93C0
                                              • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007A93F3
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.1528953144.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_770000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: Virtual$Alloc$Free$Protect
                                              • String ID: ,
                                              • API String ID: 1004437363-3772416878
                                              • Opcode ID: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                              • Instruction ID: fdc3e14bfe8bd98f10242a0524754a491cccef1a7c378bc05cf1da2b973c4246
                                              • Opcode Fuzzy Hash: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                              • Instruction Fuzzy Hash: 0E51F975900709EFCB10DFA9C885A9EBBF4FF49344F10851AFA59A7240D374E951CBA4
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.1528953144.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_770000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: __freea$__alloca_probe_16
                                              • String ID:
                                              • API String ID: 3509577899-0
                                              • Opcode ID: ce9059a0f54269a3e857cd05decacb9db5d80458a844bd6716999fbfe2567560
                                              • Instruction ID: fd6922cf7a80161dd0570e670522332710b0b795b89aff0777e773291c4cc3ee
                                              • Opcode Fuzzy Hash: ce9059a0f54269a3e857cd05decacb9db5d80458a844bd6716999fbfe2567560
                                              • Instruction Fuzzy Hash: 34519373700606AFEB215FA4CC89EBB7BA9DFC6710B150B29FD0496151E738ED5086A1
                                              APIs
                                              • LCMapStringEx.KERNELBASE(?,007A0C92,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 007A3D75
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.1528953144.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_770000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: String
                                              • String ID:
                                              • API String ID: 2568140703-0
                                              • Opcode ID: d727af7c0b24174baf6674acea18e18495a24099b1991f5a4d4d2d4c43d856f5
                                              • Instruction ID: f5da0ac4411f4585a45001adfe7889a157d9ede36c0b1885ca72ad1c5d438d21
                                              • Opcode Fuzzy Hash: d727af7c0b24174baf6674acea18e18495a24099b1991f5a4d4d2d4c43d856f5
                                              • Instruction Fuzzy Hash: D2F07A3650021EFBCF126F90DC09DDE3F26EF89360F058211FA1825020C73AC931AB90
                                              APIs
                                              • VirtualFree.KERNELBASE(?,00000000,?), ref: 0079BFCE
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.1528953144.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_770000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: FreeVirtual
                                              • String ID:
                                              • API String ID: 1263568516-0
                                              • Opcode ID: 690d0b966addc1296c1a84957827a07f248c1aeee82d1611503b10e66bc6485d
                                              • Instruction ID: 1fc4dd6c3aeaaee0817216e36ba63e5b521813be904bdd1d1e2e3dac9636e59c
                                              • Opcode Fuzzy Hash: 690d0b966addc1296c1a84957827a07f248c1aeee82d1611503b10e66bc6485d
                                              • Instruction Fuzzy Hash: BA312871900209AFCB10DFA9ED80BAEBBF5FF48710F10802AE559AB250D779A905CF94
                                              APIs
                                              • CloseHandle.KERNELBASE(00000000), ref: 0079BCC7
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.1528953144.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_770000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CloseHandle
                                              • String ID:
                                              • API String ID: 2962429428-0
                                              • Opcode ID: 2b98aa5a84afd173d90c2bfe6f1fcf2b928bb24c025f6a62b163b41e7890a4c3
                                              • Instruction ID: f5ba4a2137a67daeb2fbb8b41962ef0f6117c7a666148d136e8c43de06cc210a
                                              • Opcode Fuzzy Hash: 2b98aa5a84afd173d90c2bfe6f1fcf2b928bb24c025f6a62b163b41e7890a4c3
                                              • Instruction Fuzzy Hash: F7E06DB5901622BB97112B20BE09E7B766CEF927413048525FA24E2240DF38DC11C6B5
                                              APIs
                                              • GlobalAlloc.KERNEL32(00002002,00000002), ref: 004D9B06
                                              • GlobalLock.KERNEL32(00000000), ref: 004D9B17
                                              • GlobalUnlock.KERNEL32(00000000), ref: 004D9B28
                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,00000000,00000000), ref: 004D9B51
                                              • GlobalAlloc.KERNEL32(00002002,00000001), ref: 004D9B61
                                              • GlobalLock.KERNEL32(00000000), ref: 004D9B70
                                              • GlobalUnlock.KERNEL32(00000000), ref: 004D9B81
                                              • GlobalAlloc.KERNEL32(00002002,00000003,?,?,?,00000000,0040D599,00000000,00000000), ref: 004D9BB8
                                              • GlobalLock.KERNEL32(00000000), ref: 004D9BC5
                                              • GlobalUnlock.KERNEL32(00000000), ref: 004D9BDB
                                              • OpenClipboard.USER32(00000000), ref: 004D9BEB
                                              • EmptyClipboard.USER32 ref: 004D9BF5
                                              • SetClipboardData.USER32(0000000D,00000000), ref: 004D9C08
                                              • SetClipboardData.USER32(00000001,00000000), ref: 004D9C11
                                              • CloseClipboard.USER32 ref: 004D9C13
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: Global$Clipboard$AllocLockUnlock$Data$ByteCharCloseEmptyMultiOpenWide
                                              • String ID:
                                              • API String ID: 3392129136-0
                                              • Opcode ID: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                              • Instruction ID: e40826f6a6b6de4095afa5ba746f594757548e465f4129e7c784a6b23cc7d310
                                              • Opcode Fuzzy Hash: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                              • Instruction Fuzzy Hash: 7A41F371104302ABE3111B61BC99B277BFCAFA1B04F09041BF986D7341DA69EC09D7BA
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.1528953144.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_770000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ab678024b27634cae8f009ada00d78c64daba5d8a61eb3502b89817b54d872ca
                                              • Instruction ID: 20744ecfedf4c28fd76f74ea8c3d8a786a43a3a68d56d5ce4262764e8bcaaa8c
                                              • Opcode Fuzzy Hash: ab678024b27634cae8f009ada00d78c64daba5d8a61eb3502b89817b54d872ca
                                              • Instruction Fuzzy Hash: D2516CB1A122099FEF16CF59E9D17AEBBF1FB48310F14806AD405EB250D3789940CF51
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.1528953144.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_770000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                              • Instruction ID: 3a0743dcc37270f94bbdfc13b256ffb0086501d309c9e3f5df53f5aed5376cb7
                                              • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                              • Instruction Fuzzy Hash: 66F06D79A00200EF8B24DF0AC548E95B7F6FBC6720B6546A5E504DB2A1D3B8ED54CBA0
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: WSAAsyncGetHostByName$WSAAsyncSelect$WSACancelAsyncRequest$WSACleanup$WSAGetLastError$WSAStartup$WSOCK32.DLL$accept$bind$closesocket$connect$htonl$htons$inet_addr$listen$recv$recvfrom$send$sendto$socket
                                              • API String ID: 0-3677570488
                                              • Opcode ID: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                              • Instruction ID: 8c9ac86f1f98df4bb1f2f2f05f7a43d8bd4a8589446ea9a4d4fdb8b68f6288ad
                                              • Opcode Fuzzy Hash: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                              • Instruction Fuzzy Hash: 5031DE71D523646AD7206BB9EC19DEF3EACFBB6704B510517F000972A0EAF88458AF94
                                              APIs
                                              • EnterCriticalSection.KERNEL32 ref: 004F4A89
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4AFB
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4BF2
                                              • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F4CEA
                                              • LeaveCriticalSection.KERNEL32(?,?), ref: 004F4CFD
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4D17
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4D1A
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4D36
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4D5D
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4D66
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4D81
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4D87
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4DB6
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4DC0
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4E05
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4E11
                                              • LeaveCriticalSection.KERNEL32(?,00000000), ref: 004F4E7D
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4E9C
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4EB3
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4ED9
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F4EF4
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F4F06
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter
                                              • String ID: NetStream.Play.Start$NetStream.Play.Stop$NetStream.Play.StreamNotFound$NetStream.Seek.InvalidTime$NetStream.Seek.Notify$error$status
                                              • API String ID: 2978645861-761530088
                                              • Opcode ID: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                              • Instruction ID: 162dc2aece2cb8deeda7270d3cf99ca9d96a23cce06d37320eaaf024755f17c1
                                              • Opcode Fuzzy Hash: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                              • Instruction Fuzzy Hash: C7E190352047459FD320DB34C845BABBBE1BF89714F04895DE9AA57382CB74F80ACB65
                                              APIs
                                              • DestroyWindow.USER32(?,?,?,?,?), ref: 004D5D5F
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: DestroyWindow
                                              • String ID: D$FSCommand:$\fscommand$allowscale$exec$fullscreen$quit$showmenu$trapallkeys
                                              • API String ID: 3375834691-1928458085
                                              • Opcode ID: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                              • Instruction ID: 7647b0b3e504c4bbb0374484e0d8b702cf2a7569de5a553b4a60fd35f403e9ef
                                              • Opcode Fuzzy Hash: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                              • Instruction Fuzzy Hash: 27914C35504B015BCB24EF28EC617FBB791AFA6309F44451FE8888B341DB2A990BC7D9
                                              APIs
                                              • GetWindowLongA.USER32(?,000000F0), ref: 004DB511
                                              • GetWindowRect.USER32(?,?), ref: 004DB531
                                              • GetClientRect.USER32(?,?), ref: 004DB541
                                              • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB55D
                                              • GetMenu.USER32(?), ref: 004DB581
                                              • SetMenu.USER32(?,00000000), ref: 004DB596
                                              • GetDesktopWindow.USER32 ref: 004DB5B0
                                              • GetWindowRect.USER32(00000000,?), ref: 004DB5BC
                                              • SetWindowPos.USER32(?,00000000,?,?,?,?,00000000,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB5E1
                                              • GetWindowLongA.USER32(?,000000F0), ref: 004DB604
                                              • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB62A
                                              • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB66D
                                              • GetWindowRect.USER32(?,?), ref: 004DB6A5
                                              • GetClientRect.USER32(?,?), ref: 004DB6B7
                                              • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB702
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: Window$Rect$Long$ClientMenuMove$Desktop
                                              • String ID:
                                              • API String ID: 3087884050-0
                                              • Opcode ID: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                              • Instruction ID: afb7dc4107877f96dc9ff69242aee4b267e14dc018c2a581ac30f1de2d6509eb
                                              • Opcode Fuzzy Hash: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                              • Instruction Fuzzy Hash: 1C61F7756047009FE714CF79D888FA7B7E9EB98314F108A1EE5AA83344DE74B8088B65
                                              APIs
                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFE8F
                                              • RegQueryValueExW.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFEC1
                                              • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFF52
                                              • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFF84
                                              • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFFF3
                                              • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004D0021
                                              • RegCloseKey.ADVAPI32(00000000), ref: 004D0043
                                                • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: OpenQueryValue$CloseVersion
                                              • String ID: AppData$AppData$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                              • API String ID: 3944000476-502054578
                                              • Opcode ID: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                              • Instruction ID: f72081d33d1e3e5e856db847e9c33e0e25e3821136d69a0383b26c3c547fa845
                                              • Opcode Fuzzy Hash: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                              • Instruction Fuzzy Hash: 0151B2715087017BC725DB50EC95FAB73E8AF88754F00891EF98553381EAB9D80AC7AA
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F606E
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F608D
                                              • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6111
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F611B
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F612B
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6135
                                                • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                              • EnterCriticalSection.KERNEL32(?,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F61D1
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6212
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F621C
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6244
                                              • EnterCriticalSection.KERNEL32(?,00000001,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6268
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62A9
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62B3
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62DB
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                              • Instruction ID: 143f1fb28292c6c8f5848ec82d72cb0c1768edffe3cb57bca7300ec5568bca4f
                                              • Opcode Fuzzy Hash: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                              • Instruction Fuzzy Hash: 2AA1113020430E8BC725DF349854BBBBBB9AF94304F15056EFA5687382DB79E809CB65
                                              APIs
                                              • StartDocA.GDI32(?,00000000), ref: 004D7F29
                                              • GetDeviceCaps.GDI32(?,00000008), ref: 004D7F47
                                              • GetDeviceCaps.GDI32(?,0000000A), ref: 004D7F55
                                              • LPtoDP.GDI32(00000000,00000002), ref: 004D7F83
                                              • GetDeviceCaps.GDI32(00000000,0000006E), ref: 004D7FA0
                                              • GetDeviceCaps.GDI32(00000000,0000006F), ref: 004D7FAE
                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 004D7FBC
                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004D7FD2
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CapsDevice$Start
                                              • String ID: portrait
                                              • API String ID: 1738886688-2504013051
                                              • Opcode ID: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                              • Instruction ID: 78bfa520cedcb1c13f518f393ea8421dc938ea51f70754ce75912898c89e0c82
                                              • Opcode Fuzzy Hash: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                              • Instruction Fuzzy Hash: 7641DFB0604B109FC324DF2AD980A1AFBF5BF98710F108A1EE58A877A1D771E845CF91
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,00000000,?,00000000,00000000,?,004AC0BD,?,?), ref: 004F705A
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F7081
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F709A
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F70A3
                                              • timeGetTime.WINMM(00000000,00000000,00000000,00000000,?), ref: 004F7390
                                              • LeaveCriticalSection.KERNEL32(?,?), ref: 004F73D5
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter$Timetime
                                              • String ID:
                                              • API String ID: 4022644143-0
                                              • Opcode ID: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                              • Instruction ID: 3d57daaa4b40982c2e4bbac1192c2a7fdd3e5fb289d79a2cbb097eeb1d58369f
                                              • Opcode Fuzzy Hash: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                              • Instruction Fuzzy Hash: 60A12B303083495BC7259F398890BBBBBE59F85700F04456EFA9AC7392DB6CE905D768
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,00000000,004F7352,?), ref: 004F2A19
                                              • timeGetTime.WINMM ref: 004F2A25
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F2A39
                                              • timeGetTime.WINMM(?), ref: 004F2A46
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F2AD7
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$LeaveTimetime$Enter
                                              • String ID: NetStream.Buffer.Empty$NetStream.Buffer.Full$status
                                              • API String ID: 2943255653-4242577526
                                              • Opcode ID: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                              • Instruction ID: adfbc573f46a5ae42de3eb127535f59d6c3a8125dfae6686c248f3bcdabba04f
                                              • Opcode Fuzzy Hash: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                              • Instruction Fuzzy Hash: 33217471740705ABD7308F14DD86B6BB7A4FB50B21F24462BF267966D0C7B4B8408754
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B64,00000002), ref: 004F3ED0
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F3EDE
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F3F20
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter
                                              • String ID:
                                              • API String ID: 2978645861-0
                                              • Opcode ID: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                              • Instruction ID: 85195bc957575009e4a7604c5a43e45099f91f30af12cfc7e5b33174ac27f883
                                              • Opcode Fuzzy Hash: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                              • Instruction Fuzzy Hash: BF81C0316047494FC724DF39989057BB7F1AF853117148A2FE6A787B81DB38E805CB68
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?), ref: 00401181
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004011B1
                                              • timeGetTime.WINMM ref: 004011C5
                                              • timeGetTime.WINMM ref: 004011D5
                                              • EnterCriticalSection.KERNEL32(?), ref: 004011E3
                                              • LeaveCriticalSection.KERNEL32(?), ref: 0040122A
                                              • timeGetTime.WINMM ref: 0040123E
                                              • EnterCriticalSection.KERNEL32(?), ref: 00401261
                                              • LeaveCriticalSection.KERNEL32(?), ref: 0040129E
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeaveTimetime
                                              • String ID:
                                              • API String ID: 3486229058-0
                                              • Opcode ID: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                              • Instruction ID: b4a63a4f06c8fcffd2d454e61e85ed039b73bf68413dd997414ba6e559c29426
                                              • Opcode Fuzzy Hash: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                              • Instruction Fuzzy Hash: 6641D6357003148FCB309F60E80466BB7F4AF6575470486AEE896BB3E1DB38EC459AA5
                                              APIs
                                              • InterlockedExchange.KERNEL32(00000020,00000000), ref: 00411B68
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: ExchangeInterlocked
                                              • String ID: GET$_bytesLoaded$_bytesTotal$_customHeaders$contentType$loaded
                                              • API String ID: 367298776-2876428247
                                              • Opcode ID: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                              • Instruction ID: 337a073203a489cf9af6a636d5e82807fd5ac3b12a53b57697a6972a4ae57270
                                              • Opcode Fuzzy Hash: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                              • Instruction Fuzzy Hash: F6D126706047056BC714EF65D842AABB7E5BF88304F404A2EFA4687392EB38F945C799
                                              APIs
                                              • type_info::operator==.LIBVCRUNTIME ref: 0079E960
                                              • ___TypeMatch.LIBVCRUNTIME ref: 0079EA6E
                                              • _UnwindNestedFrames.LIBCMT ref: 0079EBC0
                                              • CallUnexpected.LIBVCRUNTIME ref: 0079EBDB
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.1528953144.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_770000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                              • String ID: csm$csm$csm
                                              • API String ID: 2751267872-393685449
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,004F5BA3,00000000), ref: 004F34EA
                                              • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3537
                                              • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3545
                                              • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3556
                                              • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F355F
                                              • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3594
                                              • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F359D
                                              • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36AD
                                              • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36BB
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Enter$Leave
                                              • String ID:
                                              • API String ID: 2801635615-0
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,?), ref: 004F3709
                                              • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F374C
                                              • LeaveCriticalSection.KERNEL32(?,?), ref: 004F375C
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F376D
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F377A
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F37A9
                                              • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F37C5
                                              • LeaveCriticalSection.KERNEL32(?,?), ref: 004F37D5
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F37EC
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter
                                              • String ID:
                                              • API String ID: 2978645861-0
                                              APIs
                                              • _ValidateLocalCookies.LIBCMT ref: 0079D977
                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 0079D97F
                                              • _ValidateLocalCookies.LIBCMT ref: 0079DA08
                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 0079DA33
                                              • _ValidateLocalCookies.LIBCMT ref: 0079DA88
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.1528953144.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_770000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                              • String ID: csm
                                              • API String ID: 1170836740-1018135373
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: localhost
                                              • API String ID: 0-2663516195
                                              APIs
                                              • timeGetTime.WINMM(00000000), ref: 004145E1
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: Timetime
                                              • String ID: gfff$gfff$gfff$gfff
                                              • API String ID: 17336451-2178600047
                                              APIs
                                              • timeKillEvent.WINMM(?,?,?,00000000,?,0041D4A9), ref: 004D8B13
                                              • Sleep.KERNEL32(00000001,?,0041D4A9), ref: 004D8B2D
                                              • waveOutReset.WINMM(?,?,0041D4A9), ref: 004D8B34
                                              • waveOutUnprepareHeader.WINMM(?,-000013C4,00000020,?,?,0041D4A9), ref: 004D8B5A
                                              • Sleep.KERNEL32(00000001,?,?,0041D4A9), ref: 004D8B63
                                              • waveOutClose.WINMM(?,?,0041D4A9), ref: 004D8B86
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: wave$Sleep$CloseEventHeaderKillResetUnpreparetime
                                              • String ID:
                                              • API String ID: 3030913982-0
                                              APIs
                                              • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000,?,?,?,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF94E
                                              • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,-00000001,00000000,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF99D
                                              • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000), ref: 004CF9BF
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CreateFile
                                              • String ID: \\?\
                                              • API String ID: 823142352-4282027825
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,00000000,?,?,004DDFDB,000000FF,00000001,004DE7BA), ref: 004DD6FC
                                              • EnterCriticalSection.KERNEL32(?), ref: 004DD71E
                                                • Part of subcall function 004FA760: EnterCriticalSection.KERNEL32(?,?,00000000,0015381C,?,004DD732), ref: 004FA76A
                                                • Part of subcall function 004FA760: LeaveCriticalSection.KERNEL32(?), ref: 004FA77A
                                                • Part of subcall function 004DC9A0: EnterCriticalSection.KERNEL32 ref: 004DCA0C
                                                • Part of subcall function 004DC9A0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 004DCA1D
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004DD741
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004DD744
                                              • EnterCriticalSection.KERNEL32(?), ref: 004DD74C
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004DD771
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004DD774
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter
                                              • String ID:
                                              • API String ID: 2978645861-0
                                              APIs
                                              • CreateWindowExA.USER32(00000000,STATIC,Dummy,80000000,00000000,00000000,00000005,00000005,00000000,00000000,00000000,00000000), ref: 004D866B
                                              • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 004D8683
                                              • SetWindowLongA.USER32(?,000000FC,004D8520), ref: 004D8690
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: Window$Long$Create
                                              • String ID: Dummy$STATIC
                                              • API String ID: 1733017098-132613206
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,00000010,?,00000000,00000000,004EF87C,?,?,004AC02B,?,?), ref: 004F5A80
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F5A8A
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F5B2E
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F5B3D
                                              • EnterCriticalSection.KERNEL32(?,00000002), ref: 004F5B78
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F5B8A
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              APIs
                                              • timeGetTime.WINMM(?,?,?,?,?,?), ref: 004F274C
                                              • EnterCriticalSection.KERNEL32(?,00000000,?,?,?), ref: 004F277D
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 004F2787
                                              • timeGetTime.WINMM(?,?), ref: 004F2792
                                              • timeGetTime.WINMM(?,?,?,?,?), ref: 004F27C6
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: Timetime$CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 1404962471-0
                                              • Opcode ID: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                              • Instruction ID: 9d8894fa7cd5c1a3a8d1574b016894ebc4e8e1121a62fd2c9071eafdbb47ea2c
                                              • Opcode Fuzzy Hash: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                              • Instruction Fuzzy Hash: B531BC35208B049BC314DF25E9956ABB7F1FFC9720F148A2DE4EA83390DB34A419CB56
                                              APIs
                                              • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 00529421
                                              • Sleep.KERNEL32(00000000,?,08000041,?,?,00529592,?,?), ref: 00529431
                                              • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 0052943A
                                              • InterlockedExchange.KERNEL32(00000378,00000000), ref: 0052944F
                                              • __aulldiv.LIBCMT ref: 0052947B
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: ExchangeInterlocked$Compare$Sleep__aulldiv
                                              • String ID:
                                              • API String ID: 1430435781-0
                                              • Opcode ID: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                              • Instruction ID: c7c6432b147b16162d76303af8a74e071e756cb34c164aed74e4a8b1f06fd785
                                              • Opcode Fuzzy Hash: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                              • Instruction Fuzzy Hash: 9C215AB15007409FD7219F2A9844A67FEFCFFA1705F10851FA45A873A1D7B4A904CB64
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                              • Instruction ID: 3111dceef54b192a201187cebb12310cd19e01e5115420dd7c98ed3fae01612e
                                              • Opcode Fuzzy Hash: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                              • Instruction Fuzzy Hash: 2921A73520174A4BD710AF66E888BFFB7B8EB60305F00852FEB4643251C779A84ADB64
                                              APIs
                                              • CreateSolidBrush.GDI32(?), ref: 004D802E
                                              • SelectObject.GDI32(?,00000000), ref: 004D8044
                                              • FillRect.USER32(?,?,00000000), ref: 004D8067
                                              • SelectObject.GDI32(?,00000000), ref: 004D8075
                                              • DeleteObject.GDI32(00000000), ref: 004D8078
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: Object$Select$BrushCreateDeleteFillRectSolid
                                              • String ID:
                                              • API String ID: 3777265051-0
                                              • Opcode ID: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                              • Instruction ID: d8a686452ba02d7e488f009474b8275e6b936404318e954abf19810798465268
                                              • Opcode Fuzzy Hash: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                              • Instruction Fuzzy Hash: 76019A752042046FC304DB69ED88C6B7BF8EACD614B000A5DFA8983312E635E806DB71
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E468C
                                              • LeaveCriticalSection.KERNEL32(?,0041D485), ref: 004E46A2
                                              • DeleteCriticalSection.KERNEL32(?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D0
                                              • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D9
                                              • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46E6
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Delete$EnterLeave
                                              • String ID:
                                              • API String ID: 3104255891-0
                                              • Opcode ID: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                              • Instruction ID: c031ed0988ac34fb64eb35ca7992c3622ed3d26c78e5592643255ae209dbdd49
                                              • Opcode Fuzzy Hash: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                              • Instruction Fuzzy Hash: D101D4B750060C5BC2106B35EC81BAF73A8AFC4214F05051EF54F93241DA68B8088BA1
                                              APIs
                                              • OpenClipboard.USER32(00000000), ref: 004D9C27
                                              • GetClipboardData.USER32(00000001), ref: 004D9C3A
                                              • GetClipboardData.USER32(0000000D), ref: 004D9C42
                                              • GetClipboardData.USER32(00000000), ref: 004D9C4B
                                              • CloseClipboard.USER32 ref: 004D9C56
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: Clipboard$Data$CloseOpen
                                              • String ID:
                                              • API String ID: 464010812-0
                                              • Opcode ID: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                              • Instruction ID: 2f18cbc0f6c8a3dbd26954e8439ab7c802a903eab365c315afdcc22c9d276e9e
                                              • Opcode Fuzzy Hash: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                              • Instruction Fuzzy Hash: 41E09AB230022517EB9026BA6C4CF97A2EC9F54F90F050123F604C6340E6A6CC0457B1
                                              APIs
                                              • GetFileAttributesExA.KERNEL32(?,00000000,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?), ref: 004CFE0F
                                                • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                              • GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852), ref: 004CFDAF
                                              • GetFileAttributesExA.KERNEL32(00000000,00000000,?,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?,00000000), ref: 004CFDED
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: AttributesFile$Version
                                              • String ID: \\?\
                                              • API String ID: 3849939888-4282027825
                                              • Opcode ID: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                              • Instruction ID: f991edffad243b4bd670aca913d189ed867c40d808b57564552852d0b3f79ee3
                                              • Opcode Fuzzy Hash: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                              • Instruction Fuzzy Hash: 6431277A90031067D710AA65AC42FEB73995F85704F54042FF90687352EB6D9C0EC2EA
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 004FA67B
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004FA749
                                                • Part of subcall function 004F9B30: EnterCriticalSection.KERNEL32(?,00000000,?,004FA7A6,?,?,00153804), ref: 004F9B35
                                                • Part of subcall function 004F9B30: LeaveCriticalSection.KERNEL32(?), ref: 004F9B84
                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000100,00000000,00000000,?), ref: 004FA715
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave$ByteCharMultiWide
                                              • String ID: FriendlyName
                                              • API String ID: 904232820-3623505368
                                              • Opcode ID: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                              • Instruction ID: 4f25218f4a75fa1caa45750efdb6ff353ea89136e06b91a5ad3ed6f7a0914714
                                              • Opcode Fuzzy Hash: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                              • Instruction Fuzzy Hash: 9A212A75244301AFD220EB54DC49F5BB7F8BF88714F008A1DFA899B290D774F8098BA6
                                              APIs
                                              • CreateCompatibleDC.GDI32(00000000), ref: 004CADB4
                                              • CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 004CADC8
                                              • GetObjectA.GDI32(00000000,00000018,?), ref: 004CADD8
                                              • DeleteDC.GDI32(00000000), ref: 004CADFF
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: Create$CompatibleDeleteObjectSection
                                              • String ID:
                                              • API String ID: 3137390749-0
                                              • Opcode ID: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                              • Instruction ID: ec125f8efd539a004f5243cd975522e641b23088832de904e1665531ca55df12
                                              • Opcode Fuzzy Hash: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                              • Instruction Fuzzy Hash: 2981AFB56043458FC324CF29D484A67FBF1BF98314F148A6ED58A87712D334E989CBA6
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.1528953144.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_770000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: AdjustPointer
                                              • String ID:
                                              • API String ID: 1740715915-0
                                              • Opcode ID: e93d7e5d452ce734d2e2462fa7bb03522d0fd6ff82d28459489596ce1c95da32
                                              • Instruction ID: 9eb4f438231cdf1f5a0390a81fae76cf41a7faa79662d3ed8606b3b5fb6622e9
                                              • Opcode Fuzzy Hash: e93d7e5d452ce734d2e2462fa7bb03522d0fd6ff82d28459489596ce1c95da32
                                              • Instruction Fuzzy Hash: 14510F72605206EFDF29CF54F985BAAB7A4EF58310F24452DE802872A1E73DEC51CB91
                                              APIs
                                              • QueryPerformanceCounter.KERNEL32 ref: 0052AFF0
                                              • QueryPerformanceCounter.KERNEL32(?), ref: 0052B016
                                                • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C25F
                                                • Part of subcall function 0040C250: Sleep.KERNEL32(00000000,?,?,0052B390,?,004012F9,00000008), ref: 0040C272
                                                • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C279
                                              • InterlockedExchange.KERNEL32(?,00000000), ref: 0052B050
                                              • QueryPerformanceCounter.KERNEL32(?), ref: 0052B05B
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CounterExchangeInterlockedPerformanceQuery$Compare$Sleep
                                              • String ID:
                                              • API String ID: 188302963-0
                                              • Opcode ID: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                              • Instruction ID: 331ae7ec3883c6fb41667714d1c2397b805b788a0704fbfdebc2abdcd4384ec1
                                              • Opcode Fuzzy Hash: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                              • Instruction Fuzzy Hash: 19212A75604712ABC318DF65D884A9AF7E8BF89300F040A1DE85993780D734F918CBA2
                                              APIs
                                                • Part of subcall function 004E4850: waveInGetNumDevs.WINMM(defaultmicrophone,00000000,?,00000000,?,?,?,?,004E8459,?,?,?,?,?,?,?), ref: 004E489B
                                                • Part of subcall function 004E4C80: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C7E,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E4C8A
                                                • Part of subcall function 004E4C80: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E4CD7
                                                • Part of subcall function 004E3860: EnterCriticalSection.KERNEL32(?,00000000,?,004E5C91,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E3868
                                                • Part of subcall function 004E3860: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E388F
                                                • Part of subcall function 004E5B40: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C9B,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?), ref: 004E5B4C
                                                • Part of subcall function 004E5B40: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5B71
                                              • EnterCriticalSection.KERNEL32(00000004,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E5CA2
                                              • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5CB2
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave$Devswave
                                              • String ID: echosuppression$gain
                                              • API String ID: 967401230-1829011300
                                              • Opcode ID: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                              • Instruction ID: eec625d20ecc8ac728587d7ca18c0fda910ff7f544bd80cb39fcd025b5d808b6
                                              • Opcode Fuzzy Hash: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                              • Instruction Fuzzy Hash: 4C118E35700B449BC711EB67C9A1A2BB3B9BF8871AB15049EE5464B741CB24FC02CBA4
                                              APIs
                                                • Part of subcall function 0050B060: CreateEventA.KERNEL32(00000000,?,00000000,00000000,00000000,00509F02,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E), ref: 0050B06E
                                              • InitializeCriticalSection.KERNEL32(0000007C,00000001,00000001,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E,00549D98,?,?), ref: 00509F34
                                              • InitializeCriticalSection.KERNEL32(00000094,?,?,?,?,?,?,?,?,00153804), ref: 00509F3D
                                              • InitializeCriticalSection.KERNEL32 ref: 00509F6E
                                              • SetEvent.KERNEL32 ref: 00509F74
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalInitializeSection$Event$Create
                                              • String ID:
                                              • API String ID: 662013055-0
                                              • Opcode ID: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                              • Instruction ID: a00b6d7b902e657a52a59b9571d5736a80dfe09fbfe7896e9036a1fe9281f1e6
                                              • Opcode Fuzzy Hash: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                              • Instruction Fuzzy Hash: 9B21C4B1540B049FE320DF6AD884A9BFBE8FF94704F00490EE1AA83661D7B1B405CB61
                                              APIs
                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0079DEAD
                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0079DEC6
                                              Memory Dump Source
                                              • Source File: 00000003.00000003.1528953144.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_3_770000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: Value___vcrt_
                                              • String ID:
                                              • API String ID: 1426506684-0
                                              • Opcode ID: a5c6c870cbe02360b2234619489db598323c740032db365f4575ed4472c763a2
                                              • Instruction ID: 00b83a8abc7ce385ab32bf354e41978ee56b478a752cb83b12f0cae4687b3bd0
                                              • Opcode Fuzzy Hash: a5c6c870cbe02360b2234619489db598323c740032db365f4575ed4472c763a2
                                              • Instruction Fuzzy Hash: 1801FC32149351AEAE3537747CCA96A27A9EB56774B200329F525491E1EF2D5C016344
                                              APIs
                                              • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 004D2AB9
                                              • CreateCompatibleDC.GDI32(00000000), ref: 004D2B3D
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CompatibleCreateDirectorySystem
                                              • String ID: Macromed\Flash\
                                              • API String ID: 2606042488-1438515271
                                              • Opcode ID: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                              • Instruction ID: 299e9cb63676f09c6c690dce7675c16131e739682a5e940449f79e26451de6f9
                                              • Opcode Fuzzy Hash: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                              • Instruction Fuzzy Hash: 8F118A711047016FC704EF21EC52AAF77E4BF98704F40491EF19943281DB78A908CFAA
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B22,00000001,000000FF), ref: 004F2BFE
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F2C88
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F2CCE
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F2CF1
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter
                                              • String ID:
                                              • API String ID: 2978645861-0
                                              • Opcode ID: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                              • Instruction ID: d821757bbb06b5f881817bb4be3b83133dcd2ebdcf47b2e92145d0cebd45ebc1
                                              • Opcode Fuzzy Hash: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                              • Instruction Fuzzy Hash: D631D2762042854FD3248F29D898A3BBBF5EFD9351F19856EE696C7381C779D808C720
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,004F7247,?), ref: 004F64C1
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F64E6
                                              • EnterCriticalSection.KERNEL32(?), ref: 004F64EC
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F6515
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                              • Instruction ID: c39e4b2d7a975ea5970b06f88a1f0ae82272a8bb6f48ad921d14b69448efe04b
                                              • Opcode Fuzzy Hash: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                              • Instruction Fuzzy Hash: FC0188352003485BC714EF24D880A77F3A9AF46258B19559DE5C657342CA39EC06CBA4
                                              APIs
                                              • EnterCriticalSection.KERNEL32(?), ref: 0040139D
                                              • LeaveCriticalSection.KERNEL32(?), ref: 004013B3
                                              • EnterCriticalSection.KERNEL32(00000005), ref: 004013CA
                                              • LeaveCriticalSection.KERNEL32(00000005), ref: 004013D8
                                              Memory Dump Source
                                              • Source File: 00000003.00000002.1539708865.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000003.00000002.1539676312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539859755.000000000053D000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000555000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539888821.0000000000562000.00000008.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000628000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006E7000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.00000000006F5000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.0000000000700000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000003.00000002.1539956013.000000000073C000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_3_2_400000_1CSDmJh1zN.jbxd
                                              Similarity
                                              • API ID: CriticalSection$EnterLeave
                                              • String ID:
                                              • API String ID: 3168844106-0
                                              • Opcode ID: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                              • Instruction ID: 1dc668918495c93d19b35d2f921703afc781594381be1afc9f76799b5a6aac2f
                                              • Opcode Fuzzy Hash: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                              • Instruction Fuzzy Hash: 280112B620070AAFC310CF69D884946FBF8FFA8314B10C55AE95983711C771F956CBA0
                                              APIs
                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 00800326
                                                • Part of subcall function 008000A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 008000CD
                                                • Part of subcall function 008000A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00800279
                                              • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 00800378
                                              • VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 008003E7
                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00800407
                                              • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 0080042E
                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 00800456
                                              • CloseHandle.KERNELBASE(?), ref: 00800471
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000004.00000003.1529191672.0000000000800000.00000040.00000001.00020000.00000000.sdmp, Offset: 00800000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_3_800000_svchost.jbxd
                                              Similarity
                                              • API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
                                              • String ID: ,
                                              • API String ID: 3867569247-3772416878
                                              • Opcode ID: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                              • Instruction ID: 6f381d0bc4ad42a065c9edc33907ba4ec5c90ee8bf70151e8b58d212541aeef1
                                              • Opcode Fuzzy Hash: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                              • Instruction Fuzzy Hash: 9A61FCB5900609EFDB50DFA9CC84B9EBBB8FF08354F148519EA59E7280D770A941CF64
                                              APIs
                                              • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 008000CD
                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00800279
                                              Memory Dump Source
                                              • Source File: 00000004.00000003.1529191672.0000000000800000.00000040.00000001.00020000.00000000.sdmp, Offset: 00800000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_3_800000_svchost.jbxd
                                              Similarity
                                              • API ID: Virtual$AllocFree
                                              • String ID:
                                              • API String ID: 2087232378-0
                                              • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                              • Instruction ID: b5983ae09bc1547d505cf54153f6f93dbea5296bd4ed7143472c4682ba3174a7
                                              • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                              • Instruction Fuzzy Hash: 95718A71E042499FDB81CF98C885BEDBBF0FB09319F244095E4A5FB291C234AA91DF65

                                              Execution Graph

                                              Execution Coverage:33.4%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:83.3%
                                              Total number of Nodes:24
                                              Total number of Limit Nodes:0
                                              execution_graph 415 2b0b1871cf4 417 2b0b1871d19 415->417 416 2b0b1871fa1 417->416 426 2b0b18715c0 417->426 419 2b0b1871f98 CloseHandle 419->416 420 2b0b1871f88 NtAcceptConnectPort 420->419 421 2b0b1871e3a 421->419 421->420 422 2b0b1871ecd 421->422 429 2b0b1870ac8 421->429 422->422 435 2b0b1871aa4 NtAcceptConnectPort 422->435 428 2b0b18715f4 NtAcceptConnectPort 426->428 428->421 430 2b0b1870c62 429->430 431 2b0b1870ae8 429->431 430->422 431->430 431->431 432 2b0b1870be8 NtAcceptConnectPort 431->432 432->430 433 2b0b1870c1b 432->433 433->430 434 2b0b1870c33 NtAcceptConnectPort 433->434 434->430 436 2b0b1871af7 435->436 437 2b0b1871c04 435->437 441 2b0b1871870 436->441 437->420 439 2b0b1871b10 440 2b0b1871bb6 NtAcceptConnectPort 439->440 440->437 443 2b0b1871889 441->443 442 2b0b1871949 442->439 443->442 444 2b0b1871930 GetProcessMitigationPolicy 443->444 444->442

                                              Callgraph

                                              Control-flow Graph

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.1900349296.000002B0B1870000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002B0B1870000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_2b0b1870000_fontdrvhost.jbxd
                                              Similarity
                                              • API ID: AcceptCloseConnectHandlePort
                                              • String ID:
                                              • API String ID: 3811980168-0
                                              • Opcode ID: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                              • Instruction ID: a19e117d63cae63deb33526078254d4c7b5131d707a65bef9ea1cd75b63214aa
                                              • Opcode Fuzzy Hash: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                              • Instruction Fuzzy Hash: FB91C630518E088FD766EF18C4857E677E1FB98314F24465EE49BC76D6EB34AC828B81

                                              Control-flow Graph

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.1900349296.000002B0B1870000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002B0B1870000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_2b0b1870000_fontdrvhost.jbxd
                                              Similarity
                                              • API ID: AcceptConnectPort
                                              • String ID:
                                              • API String ID: 1658770261-0

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.1900349296.000002B0B1870000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002B0B1870000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_2b0b1870000_fontdrvhost.jbxd
                                              Similarity
                                              • API ID: AcceptConnectPort$MitigationPolicyProcess
                                              • String ID:
                                              • API String ID: 2923266908-0

                                              Control-flow Graph

                                              [Control-flow graph image not preserved; legend: Executed, Not Executed. All branches converge on the block that calls NtAcceptConnectPort.]
                                              APIs
                                              • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,000002B0B1871E3A), ref: 000002B0B1871654
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.1900349296.000002B0B1870000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002B0B1870000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_2b0b1870000_fontdrvhost.jbxd
                                              Similarity
                                              • API ID: AcceptConnectPort
                                              • String ID:
                                              • API String ID: 1658770261-0

                                              Control-flow Graph

                                              [Control-flow graph image not preserved; legend: Executed, Not Executed. A chain of checks, each of which either continues or exits to the common return block, ends in a call to GetProcessMitigationPolicy.]
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.1900349296.000002B0B1870000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002B0B1870000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_2b0b1870000_fontdrvhost.jbxd
                                              Similarity
                                              • API ID: MitigationPolicyProcess
                                              • String ID:
                                              • API String ID: 1088084561-0