Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
mu3JuAyrj5.exe

Overview

General Information

Sample name:mu3JuAyrj5.exe
renamed because original name is a hash value
Original sample name:6e94fa203e1fe5f9c0356b3624e39348.exe
Analysis ID:1572156
MD5:6e94fa203e1fe5f9c0356b3624e39348
SHA1:88580db10619398c821438b7f852434a4c507de4
SHA256:fd578834c88e8bb9801c4884abe315845b06ac190d6a20f2ab05ccaa4aadd176
Tags:exeuser-abuse_ch
Infos:

Detection

PureLog Stealer, zgRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected PureLog Stealer
Yara detected UAC Bypass using CMSTP
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Self deletion via cmd or bat file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • mu3JuAyrj5.exe (PID: 7128 cmdline: "C:\Users\user\Desktop\mu3JuAyrj5.exe" MD5: 6E94FA203E1FE5F9C0356B3624E39348)
    • cmd.exe (PID: 7464 cmdline: "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\Desktop\mu3JuAyrj5.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • choice.exe (PID: 7508 cmdline: choice /C Y /N /D Y /T 3 MD5: 1A9804F0C374283B094E9E55DC5EE128)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
zgRATzgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
mu3JuAyrj5.exeJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
    mu3JuAyrj5.exeJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
      mu3JuAyrj5.exeMALWARE_Win_zgRATDetects zgRATditekSHen
      • 0x52c3b:$s1: file:///
      • 0x52b27:$s2: {11111-22222-10009-11112}
      • 0x52bcb:$s3: {11111-22222-50001-00000}
      • 0x4e38d:$s4: get_Module
      • 0x4ea6d:$s5: Reverse
      • 0x48afe:$s6: BlockCopy
      • 0x4eee5:$s7: ReadByte
      • 0x52c4d:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000002.00000000.1267784449.00000208EB3F2000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
        00000002.00000002.1345581595.0000020880001000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_UACBypassusingCMSTPYara detected UAC Bypass using CMSTPJoe Security
          Process Memory Space: mu3JuAyrj5.exe PID: 7128JoeSecurity_UACBypassusingCMSTPYara detected UAC Bypass using CMSTPJoe Security

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            2.0.mu3JuAyrj5.exe.208eb3f0000.0.unpackJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
              2.0.mu3JuAyrj5.exe.208eb3f0000.0.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                2.0.mu3JuAyrj5.exe.208eb3f0000.0.unpackMALWARE_Win_zgRATDetects zgRATditekSHen
                • 0x52c3b:$s1: file:///
                • 0x52b27:$s2: {11111-22222-10009-11112}
                • 0x52bcb:$s3: {11111-22222-50001-00000}
                • 0x4e38d:$s4: get_Module
                • 0x4ea6d:$s5: Reverse
                • 0x48afe:$s6: BlockCopy
                • 0x4eee5:$s7: ReadByte
                • 0x52c4d:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...

                Sigma Signatures

                No Sigma rule has matched

                Suricata Signatures

                No Suricata rule has matched

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus / Scanner detection for submitted sample
                Source: mu3JuAyrj5.exeAvira: detected
                Multi AV Scanner detection for submitted file
                Source: mu3JuAyrj5.exeReversingLabs: Detection: 65%
                Source: mu3JuAyrj5.exeVirustotal: Detection: 75%Perma Link
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Machine Learning detection for sample
                Source: mu3JuAyrj5.exeJoe Sandbox ML: detected

                Exploits

                barindex
                Yara detected UAC Bypass using CMSTP
                Source: Yara matchFile source: 00000002.00000002.1345581595.0000020880001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: mu3JuAyrj5.exe PID: 7128, type: MEMORYSTR
                Source: mu3JuAyrj5.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: mu3JuAyrj5.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: global trafficTCP traffic: 192.168.2.7:49702 -> 65.21.119.48:6561
                Source: global trafficHTTP traffic detected: GET /json/ HTTP/1.1Content-Type: application/jsonHost: ip-api.comConnection: Keep-Alive
                Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
                Source: unknownDNS query: name: ip-api.com
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: unknownTCP traffic detected without corresponding DNS query: 65.21.119.48
                Source: global trafficHTTP traffic detected: GET /json/ HTTP/1.1Content-Type: application/jsonHost: ip-api.comConnection: Keep-Alive
                Source: global trafficDNS traffic detected: DNS query: ip-api.com
                Source: mu3JuAyrj5.exe, 00000002.00000002.1345581595.00000208807F8000.00000004.00000800.00020000.00000000.sdmp, mu3JuAyrj5.exe, 00000002.00000002.1345581595.0000020880803000.00000004.00000800.00020000.00000000.sdmp, mu3JuAyrj5.exe, 00000002.00000002.1345581595.00000208807E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com
                Source: mu3JuAyrj5.exe, 00000002.00000002.1345581595.0000020880744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/
                Source: mu3JuAyrj5.exe, 00000002.00000002.1345581595.0000020880001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/LGETMapplication/jsonNcountryOcountryCodePcityQqueryRregionNameStimezoneTzip
                Source: mu3JuAyrj5.exe, 00000002.00000002.1345581595.0000020880001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: mu3JuAyrj5.exe, type: SAMPLEMatched rule: Detects zgRAT Author: ditekSHen
                Source: 2.0.mu3JuAyrj5.exe.208eb3f0000.0.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeCode function: 2_2_00007FFAAC7932A82_2_00007FFAAC7932A8
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeCode function: 2_2_00007FFAAC794A302_2_00007FFAAC794A30
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeCode function: 2_2_00007FFAAC7926FA2_2_00007FFAAC7926FA
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeCode function: 2_2_00007FFAAC7927002_2_00007FFAAC792700
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeCode function: 2_2_00007FFAAC791BF32_2_00007FFAAC791BF3
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeCode function: 2_2_00007FFAAC7923FB2_2_00007FFAAC7923FB
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeCode function: 2_2_00007FFAAC9F11B92_2_00007FFAAC9F11B9
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeCode function: 2_2_00007FFAACA03D282_2_00007FFAACA03D28
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeCode function: 2_2_00007FFAAC9F710F2_2_00007FFAAC9F710F
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeCode function: 2_2_00007FFAACA02E892_2_00007FFAACA02E89
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeCode function: 2_2_00007FFAAC9FD1C52_2_00007FFAAC9FD1C5
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeCode function: 2_2_00007FFAAC9F9A052_2_00007FFAAC9F9A05
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeCode function: 2_2_00007FFAAC9FDB982_2_00007FFAAC9FDB98
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeCode function: 2_2_00007FFAAC9FDB202_2_00007FFAAC9FDB20
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeCode function: 2_2_00007FFAAC9F07012_2_00007FFAAC9F0701
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeCode function: 2_2_00007FFAACA060102_2_00007FFAACA06010
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeCode function: 2_2_00007FFAAC9FE92F2_2_00007FFAAC9FE92F
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeCode function: 2_2_00007FFAAC9F1FCA2_2_00007FFAAC9F1FCA
                Source: mu3JuAyrj5.exe, 00000002.00000000.1267826999.00000208EB450000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSteal1WC.exe, vs mu3JuAyrj5.exe
                Source: mu3JuAyrj5.exe, 00000002.00000002.1447627310.00000208EE092000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs mu3JuAyrj5.exe
                Source: mu3JuAyrj5.exeBinary or memory string: OriginalFilenameSteal1WC.exe, vs mu3JuAyrj5.exe
                Source: mu3JuAyrj5.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: mu3JuAyrj5.exe, type: SAMPLEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                Source: 2.0.mu3JuAyrj5.exe.208eb3f0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                Source: mu3JuAyrj5.exe, FMIJCCJDKMPOHDNPCEAGFDMNEAPEGCIPGDDK.csCryptographic APIs: 'CreateDecryptor'
                Source: mu3JuAyrj5.exe, FMIJCCJDKMPOHDNPCEAGFDMNEAPEGCIPGDDK.csCryptographic APIs: 'CreateDecryptor'
                Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@6/1@1/2
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\mu3JuAyrj5.exe.logJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeMutant created: \Sessions\1\BaseNamedObjects\hiXPIrqvrQcDHff
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeMutant created: NULL
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7472:120:WilError_03
                Source: mu3JuAyrj5.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: mu3JuAyrj5.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: mu3JuAyrj5.exe, 00000002.00000002.1345581595.000002088005F000.00000004.00000800.00020000.00000000.sdmp, mu3JuAyrj5.exe, 00000002.00000002.1345581595.000002088006B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: mu3JuAyrj5.exeReversingLabs: Detection: 65%
                Source: mu3JuAyrj5.exeVirustotal: Detection: 75%
                Source: unknownProcess created: C:\Users\user\Desktop\mu3JuAyrj5.exe "C:\Users\user\Desktop\mu3JuAyrj5.exe"
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\Desktop\mu3JuAyrj5.exe"
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\Desktop\mu3JuAyrj5.exe"Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3Jump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Windows\System32\choice.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                Source: mu3JuAyrj5.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: mu3JuAyrj5.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                Data Obfuscation

                barindex
                .NET source code contains method to dynamically call methods (often used by packers)
                Source: mu3JuAyrj5.exe, FMIJCCJDKMPOHDNPCEAGFDMNEAPEGCIPGDDK.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                Source: mu3JuAyrj5.exeStatic PE information: 0xC93CDAA3 [Sat Dec 26 11:42:27 2076 UTC]
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeCode function: 2_2_00007FFAAC7900BD pushad ; iretd 2_2_00007FFAAC7900C1
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeCode function: 2_2_00007FFAACA08164 push ebx; ret 2_2_00007FFAACA0816A
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeCode function: 2_2_00007FFAACA07B3D push eax; ret 2_2_00007FFAACA07B64

                Hooking and other Techniques for Hiding and Protection

                barindex
                Self deletion via cmd or bat file
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess created: "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\Desktop\mu3JuAyrj5.exe"
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess created: "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\Desktop\mu3JuAyrj5.exe"Jump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                Source: mu3JuAyrj5.exe, 00000002.00000002.1345581595.0000020880001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL@
                Source: mu3JuAyrj5.exe, 00000002.00000002.1345581595.0000020880001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeMemory allocated: 208EB7A0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeMemory allocated: 208ED190000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeWindow / User API: threadDelayed 1819Jump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeWindow / User API: threadDelayed 5236Jump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exe TID: 7236Thread sleep count: 1819 > 30Jump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exe TID: 7240Thread sleep count: 5236 > 30Jump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exe TID: 7280Thread sleep time: -21213755684765971s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exe TID: 7324Thread sleep time: -30000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exe TID: 6708Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
                Source: mu3JuAyrj5.exe, 00000002.00000002.1345581595.0000020880001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: hyper-v
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696492231s
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696492231
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696492231
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696492231t
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696492231f
                Source: mu3JuAyrj5.exe, 00000002.00000002.1446371854.00000208EDA2E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllUU
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696492231
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696492231j
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
                Source: mu3JuAyrj5.exe, 00000002.00000002.1345581595.0000020880001000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696492231x
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696492231o
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696492231
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696492231t
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
                Source: mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeMemory allocated: page read and write | page guardJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\Desktop\mu3JuAyrj5.exe"Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3Jump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeQueries volume information: C:\Users\user\Desktop\mu3JuAyrj5.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                Source: mu3JuAyrj5.exe, 00000002.00000002.1446717448.00000208EDA60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                Stealing of Sensitive Information

                barindex
                Yara detected PureLog Stealer
                Source: Yara matchFile source: mu3JuAyrj5.exe, type: SAMPLE
                Source: Yara matchFile source: 2.0.mu3JuAyrj5.exe.208eb3f0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000000.1267784449.00000208EB3F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                Yara detected zgRAT
                Source: Yara matchFile source: mu3JuAyrj5.exe, type: SAMPLE
                Source: Yara matchFile source: 2.0.mu3JuAyrj5.exe.208eb3f0000.0.unpack, type: UNPACKEDPE
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\Desktop\mu3JuAyrj5.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior

                Remote Access Functionality

                barindex
                Yara detected PureLog Stealer
                Source: Yara matchFile source: mu3JuAyrj5.exe, type: SAMPLE
                Source: Yara matchFile source: 2.0.mu3JuAyrj5.exe.208eb3f0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000000.1267784449.00000208EB3F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                Yara detected zgRAT
                Source: Yara matchFile source: mu3JuAyrj5.exe, type: SAMPLE
                Source: Yara matchFile source: 2.0.mu3JuAyrj5.exe.208eb3f0000.0.unpack, type: UNPACKEDPE

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid Accounts131
                Windows Management Instrumentation                		1
                DLL Side-Loading                		11
                Process Injection                		1
                Masquerading                		1
                OS Credential Dumping                		251
                Security Software Discovery                		Remote Services11
                Archive Collected Data                		1
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                DLL Side-Loading                		1
                Disable or Modify Tools                		LSASS Memory1
                Process Discovery                		Remote Desktop Protocol1
                Data from Local System                		1
                Non-Standard Port                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)161
                Virtualization/Sandbox Evasion                		Security Account Manager161
                Virtualization/Sandbox Evasion                		SMB/Windows Admin SharesData from Network Shared Drive1
                Ingress Tool Transfer                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
                Process Injection                		NTDS1
                Application Window Discovery                		Distributed Component Object ModelInput Capture2
                Non-Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                Deobfuscate/Decode Files or Information                		LSA Secrets1
                System Network Configuration Discovery                		SSHKeylogging2
                Application Layer Protocol                		Scheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Obfuscated Files or Information                		Cached Domain Credentials1
                File and Directory Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                Software Packing                		DCSync33
                System Information Discovery                		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                Timestomp                		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                DLL Side-Loading                		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
                File Deletion                		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                mu3JuAyrj5.exe66%ReversingLabsByteCode-MSIL.Infostealer.Tinba
                mu3JuAyrj5.exe75%VirustotalBrowse
                mu3JuAyrj5.exe100%AviraTR/Dropper.Gen
                mu3JuAyrj5.exe100%Joe Sandbox ML

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                No Antivirus matches

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                ip-api.com
                		208.95.112.1
                		truefalse
                  		high

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  http://ip-api.com/json/false
                    		high

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://ac.ecosia.org/autocomplete?q=mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900F1000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      https://duckduckgo.com/chrome_newtabmu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900F1000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://duckduckgo.com/ac/?q=mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900F1000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://www.google.com/images/branding/product/ico/googleg_lodp.icomu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900F1000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchmu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900F1000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://ip-api.commu3JuAyrj5.exe, 00000002.00000002.1345581595.00000208807F8000.00000004.00000800.00020000.00000000.sdmp, mu3JuAyrj5.exe, 00000002.00000002.1345581595.0000020880803000.00000004.00000800.00020000.00000000.sdmp, mu3JuAyrj5.exe, 00000002.00000002.1345581595.00000208807E6000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://www.ecosia.org/newtab/mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namemu3JuAyrj5.exe, 00000002.00000002.1345581595.0000020880001000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://ip-api.com/json/LGETMapplication/jsonNcountryOcountryCodePcityQqueryRregionNameStimezoneTzipmu3JuAyrj5.exe, 00000002.00000002.1345581595.0000020880001000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=mu3JuAyrj5.exe, 00000002.00000002.1377370128.00000208900F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high

                                            World Map of Contacted IPs

                                            • No. of IPs < 25%
                                            • 25% < No. of IPs < 50%
                                            • 50% < No. of IPs < 75%
                                            • 75% < No. of IPs

                                            Public IPs

                                            IPDomainCountryFlagASNASN NameMalicious
                                            208.95.112.1
                                            		ip-api.comUnited States
                                            		53334TUT-ASUSfalse
                                            65.21.119.48
                                            		unknownUnited States
                                            		199592CP-ASDEfalse

                                            General Information

                                            Joe Sandbox version:41.0.0 Charoite
                                            Analysis ID:1572156
                                            Start date and time:2024-12-10 07:26:00 +01:00
                                            Joe Sandbox product:CloudBasic
                                            Overall analysis duration:0h 5m 3s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                            Number of analysed new started processes analysed:16
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:0
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Sample name:mu3JuAyrj5.exe
                                            renamed because original name is a hash value
                                            Original Sample Name:6e94fa203e1fe5f9c0356b3624e39348.exe
                                            Detection:MAL
                                            Classification:mal100.troj.spyw.expl.evad.winEXE@6/1@1/2
                                            EGA Information:Failed
                                            HCA Information:Failed
                                            Cookbook Comments:
                                            • Found application associated with file extension: .exe

                                            Warnings

                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                            • Excluded IPs from analysis (whitelisted): 13.107.246.63, 52.149.20.212
                                            • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                            • Execution Graph export aborted for target mu3JuAyrj5.exe, PID 7128 because it is empty
                                            • Not all processes where analyzed, report is missing behavior information
                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                            • Report size getting too big, too many NtReadVirtualMemory calls found.

                                            Simulations

                                            Behavior and APIs

                                            TimeTypeDescription
                                            01:26:57API Interceptor35x Sleep call for process: mu3JuAyrj5.exe modified

                                            Joe Sandbox View / Context

                                            IPs

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            208.95.112.1interior-design-villa-a23.lnkGet hashmaliciousMalLnkBrowse
                                            • ip-api.com/json/?fields=8195
                                            file.exeGet hashmaliciousAmadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, VidarBrowse
                                            • ip-api.com/line/?fields=hosting
                                            run.cmdGet hashmaliciousUnknownBrowse
                                            • ip-api.com/json/?fields=8195
                                            file.exeGet hashmaliciousAmadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, Vidar, XWormBrowse
                                            • ip-api.com/line/?fields=hosting
                                            file.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                            • ip-api.com/line/?fields=hosting
                                            f5ATZ1i5CU.exeGet hashmaliciousRedLine, XWormBrowse
                                            • ip-api.com/line/?fields=hosting
                                            R55-RFQ.exeGet hashmaliciousAgentTeslaBrowse
                                            • ip-api.com/line/?fields=hosting
                                            YXHoexbTFp.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                            • ip-api.com/json/
                                            file.exeGet hashmaliciousBlank GrabberBrowse
                                            • ip-api.com/json/?fields=225545
                                            spoolsv.exeGet hashmaliciousRedLine, StormKitty, XWormBrowse
                                            • ip-api.com/line/?fields=hosting

                                            Domains

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            ip-api.cominterior-design-villa-a23.lnkGet hashmaliciousMalLnkBrowse
                                            • 208.95.112.1
                                            file.exeGet hashmaliciousAmadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, VidarBrowse
                                            • 208.95.112.1
                                            run.cmdGet hashmaliciousUnknownBrowse
                                            • 208.95.112.1
                                            file.exeGet hashmaliciousAmadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, Vidar, XWormBrowse
                                            • 208.95.112.1
                                            file.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                            • 208.95.112.1
                                            f5ATZ1i5CU.exeGet hashmaliciousRedLine, XWormBrowse
                                            • 208.95.112.1
                                            R55-RFQ.exeGet hashmaliciousAgentTeslaBrowse
                                            • 208.95.112.1
                                            YXHoexbTFp.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                            • 208.95.112.1
                                            file.exeGet hashmaliciousBlank GrabberBrowse
                                            • 208.95.112.1
                                            spoolsv.exeGet hashmaliciousRedLine, StormKitty, XWormBrowse
                                            • 208.95.112.1

                                            ASNs

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            CP-ASDE850.exeGet hashmaliciousAsyncRATBrowse
                                            • 65.21.198.54
                                            tDLozbx48F.exeGet hashmaliciousGurcu StealerBrowse
                                            • 65.21.49.163
                                            botx.spc.elfGet hashmaliciousMiraiBrowse
                                            • 65.21.172.4
                                            Finish_Agreement_DocuSign.pdfGet hashmaliciousUnknownBrowse
                                            • 65.21.29.43
                                            RasTls.dllGet hashmaliciousUnknownBrowse
                                            • 65.20.90.139
                                            RasTls.dllGet hashmaliciousUnknownBrowse
                                            • 65.20.90.139
                                            RFQ.scr.exeGet hashmaliciousDiscord Token StealerBrowse
                                            • 65.21.66.211
                                            hiss.arm7.elfGet hashmaliciousUnknownBrowse
                                            • 65.20.118.153
                                            Payload 94.75 (2).225.exeGet hashmaliciousUnknownBrowse
                                            • 65.21.172.133
                                            Payload 94.75.225.exeGet hashmaliciousUnknownBrowse
                                            • 65.21.98.72
                                            TUT-ASUSinterior-design-villa-a23.lnkGet hashmaliciousMalLnkBrowse
                                            • 208.95.112.1
                                            file.exeGet hashmaliciousAmadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, VidarBrowse
                                            • 208.95.112.1
                                            run.cmdGet hashmaliciousUnknownBrowse
                                            • 208.95.112.1
                                            file.exeGet hashmaliciousAmadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, Vidar, XWormBrowse
                                            • 208.95.112.1
                                            file.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                            • 208.95.112.1
                                            f5ATZ1i5CU.exeGet hashmaliciousRedLine, XWormBrowse
                                            • 208.95.112.1
                                            R55-RFQ.exeGet hashmaliciousAgentTeslaBrowse
                                            • 208.95.112.1
                                            YXHoexbTFp.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                            • 208.95.112.1
                                            file.exeGet hashmaliciousBlank GrabberBrowse
                                            • 208.95.112.1
                                            spoolsv.exeGet hashmaliciousRedLine, StormKitty, XWormBrowse
                                            • 208.95.112.1

                                            JA3 Fingerprints

                                            No context

                                            Dropped Files

                                            No context

                                            Created / dropped Files

                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\mu3JuAyrj5.exe.log

                                            Download File
                                            Process:C:\Users\user\Desktop\mu3JuAyrj5.exe
                                            File Type:ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):2045
                                            Entropy (8bit):5.3618187964722885
                                            Encrypted:false
                                            SSDEEP:48:MxHKQ71qHGIs0HKjJHiYHKGSI6oQHZHitHTHhAHKKkrHKoLHqHpHNpv:iq+wmj0qVCYqGSI6oQ5CtzHeqKkrqoLA
                                            MD5:2880333ECF0A1010436F3B458AE3D931
                                            SHA1:77BD788B221FEDAAC26D7822C9C129CAD7E8D9D9
                                            SHA-256:1473EDC44F2DA62769AFFE97BD0E7882B48F9A4EA8325286DE80E2F27306592F
                                            SHA-512:A2E1CBFE3D2CB2EF87217AEEB8504AF0D9247BC83FFC1B1BE3DBFCE32968CE1BDFE4637B50C7B4F744F52EABE8738F2D33207A70F61E75ADDB5B84724EEE6467
                                            Malicious:true
                                            Reputation:low
                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..2,"System.Web.Extensions, Version=4.0.0.0, Culture=

                                            Static File Info

                                            General

                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                            Entropy (8bit):5.871681740553839
                                            TrID:
                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                            • Win32 Executable (generic) a (10002005/4) 49.75%
                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                            • Windows Screen Saver (13104/52) 0.07%
                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                            File name:mu3JuAyrj5.exe
                                            File size:380'416 bytes
                                            MD5:6e94fa203e1fe5f9c0356b3624e39348
                                            SHA1:88580db10619398c821438b7f852434a4c507de4
                                            SHA256:fd578834c88e8bb9801c4884abe315845b06ac190d6a20f2ab05ccaa4aadd176
                                            SHA512:686475f9457dc3ec160f533fddd2c0266e03e2c33fca646495c96a2058ea6cce6bf1b2a0a9c7a1f1d905e0920447048f872dd76762d953e56183870f3d39421e
                                            SSDEEP:6144:/9IB8C7QXqeajfJg6kezWD79349w8DNQ9vFn:/OB8C7ovaffkezWD793K+
                                            TLSH:2B840A0BBE01CD51C2989736C5BF420847B8D6817367E60E399E27D50D933BFA88B59B
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....<...............0.................. ........@.. .......................@............`................................

                                            File Icon

                                            Icon Hash:00928e8e8686b000

                                            Static PE Info

                                            General

                                            Entrypoint:0x45e29e
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                            Time Stamp:0xC93CDAA3 [Sat Dec 26 11:42:27 2076 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:4
                                            OS Version Minor:0
                                            File Version Major:4
                                            File Version Minor:0
                                            Subsystem Version Major:4
                                            Subsystem Version Minor:0
                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                            Entrypoint Preview

                                            Instruction
                                            jmp dword ptr [00402000h]
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al

                                            Data Directories

                                            NameVirtual AddressVirtual Size Is in Section
                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x5e2500x4b.text
                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x600000x598.rsrc
                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x620000xc.reloc
                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                            Sections

                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                            .text0x20000x5c2a40x5c400614c374b5cd5c58b9084393739fe118eFalse0.45181497713414637data5.882040872083142IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                            .rsrc0x600000x5980x600a9ce836158326703e94f602667bd4d3bFalse0.41796875data4.039075596408711IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .reloc0x620000xc0x200345bbe13115de8c4db3bfd71cdb67532False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                            Resources

                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                            RT_VERSION0x600a00x30cdata0.4346153846153846
                                            RT_MANIFEST0x603ac0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                            Imports

                                            DLLImport
                                            mscoree.dll_CorExeMain

                                            Network Behavior

                                            Network Port Distribution

                                            TCP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Dec 10, 2024 07:26:59.838025093 CET4970080192.168.2.7208.95.112.1
                                            Dec 10, 2024 07:26:59.957426071 CET8049700208.95.112.1192.168.2.7
                                            Dec 10, 2024 07:26:59.957500935 CET4970080192.168.2.7208.95.112.1
                                            Dec 10, 2024 07:26:59.958425045 CET4970080192.168.2.7208.95.112.1
                                            Dec 10, 2024 07:27:00.077640057 CET8049700208.95.112.1192.168.2.7
                                            Dec 10, 2024 07:27:01.060622931 CET8049700208.95.112.1192.168.2.7
                                            Dec 10, 2024 07:27:01.107717037 CET4970080192.168.2.7208.95.112.1
                                            Dec 10, 2024 07:27:03.560785055 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:03.680212975 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:03.680280924 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:03.681287050 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:03.682064056 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:03.801074982 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:03.801163912 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:03.802226067 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:03.802262068 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:03.802284956 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:03.802304983 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:03.802326918 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:03.802354097 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:03.802398920 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:03.802412987 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:03.802418947 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:03.802467108 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:03.802472115 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:03.802553892 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:03.802757025 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:03.802812099 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:03.802814007 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:03.802858114 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:03.802910089 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:03.802923918 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:03.817377090 CET4970080192.168.2.7208.95.112.1
                                            Dec 10, 2024 07:27:03.920598984 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:03.921550035 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:03.922136068 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:03.922147989 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:03.922158957 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:03.922167063 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:03.922200918 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:03.922247887 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:03.922826052 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:03.922878981 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:03.965456009 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:03.965662003 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.085015059 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.085149050 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.129575014 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.249469995 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.249526024 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.449722052 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.449996948 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.679708004 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.679935932 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.680032015 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.799395084 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.799403906 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.799494028 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.799498081 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.799565077 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.799608946 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.799613953 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.799647093 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.799696922 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.799737930 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.799741983 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.799813986 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.799833059 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.799853086 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.799926043 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.799958944 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.799981117 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.800013065 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.800087929 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.800228119 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.800231934 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.800286055 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.800316095 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.800355911 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.800379992 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.800497055 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.800503016 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.800559044 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.800584078 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.800647020 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.800693035 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.800750971 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.800779104 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.800822973 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.800851107 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.800910950 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.800924063 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.801000118 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.801019907 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.801084042 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.801104069 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.801155090 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.801187992 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.801232100 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.801300049 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.801377058 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.801388979 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.801434994 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.801459074 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.801493883 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.801548958 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.801628113 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.801647902 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.801712990 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.801737070 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.801760912 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.801779032 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.801815987 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.845516920 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.845585108 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.919018984 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.919085979 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.919198036 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.919538975 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.919594049 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.919641972 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.919878006 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.919926882 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.919939995 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.919992924 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.920073032 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.920193911 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.920241117 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.920284033 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.920329094 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.920409918 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.920458078 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.920459032 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.920492887 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.920571089 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.920691013 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.920803070 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.920828104 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.920831919 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.920917034 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.920922041 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.920974970 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.921044111 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.921150923 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.921171904 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.921200037 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.921225071 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.921226978 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.921264887 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.921271086 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.921300888 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.921364069 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.921449900 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.921453953 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.921550989 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.921555996 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.921658039 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.921664953 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.921669006 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.921685934 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.921773911 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.921777964 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.921808004 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.921855927 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.921875954 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.921928883 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.921972036 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.922008038 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.922070026 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.922075033 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.922111034 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.922163010 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.922208071 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.922244072 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.922276974 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.922317982 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.922332048 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.922379017 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.922384977 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.922418118 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.922574043 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.922578096 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.922595978 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.922624111 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.922629118 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.922662020 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.922694921 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.922699928 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.922739029 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.922805071 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.922826052 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.922858000 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.922919035 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.922950029 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.922955036 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.922991991 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.923049927 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.923054934 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.923058987 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.923103094 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:04.964991093 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:04.965293884 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.038753986 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.038760900 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.038805962 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.038820028 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.038865089 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.038959026 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.039012909 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039043903 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039164066 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039169073 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039180994 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.039186954 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039191008 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039225101 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.039295912 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039300919 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039338112 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039341927 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039351940 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.039378881 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.039403915 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039448023 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.039448977 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039453983 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039514065 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039594889 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.039596081 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039625883 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039637089 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.039661884 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039664984 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.039676905 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039689064 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.039714098 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.039809942 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039814949 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039855957 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.039869070 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039874077 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039904118 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039937973 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039954901 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.039992094 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.039997101 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.040016890 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.040060043 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.040074110 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.040085077 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.040117979 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.040163994 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.040210962 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.040211916 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.040215969 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.040261030 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.040290117 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.040357113 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.040380001 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.040385008 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.040443897 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.040492058 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.040496111 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.040631056 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.040673018 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.040683031 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.040741920 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.040745974 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.040771961 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.040863991 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.040867090 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.040868044 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.040906906 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.040941000 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.040945053 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.040961981 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.041034937 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.041069984 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.041089058 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.041130066 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.041160107 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.041163921 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.041193008 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.041199923 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.041213989 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.041307926 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.041311979 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.041341066 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.041426897 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.041461945 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.041480064 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.041546106 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.041579008 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.041593075 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.041629076 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.041786909 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.041812897 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.041857004 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.041889906 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.041925907 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.041996002 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.042025089 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042030096 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042098999 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.042114973 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042176962 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042211056 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042215109 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042263031 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042273045 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042289972 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.042380095 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042382956 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.042385101 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042388916 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042404890 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042439938 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.042514086 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042562962 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042602062 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.042651892 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042656898 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042694092 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.042717934 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042735100 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042805910 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042812109 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042845011 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.042907000 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042911053 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042959929 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.042960882 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.042965889 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.043062925 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.043067932 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.043109894 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.043167114 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.043170929 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.043215036 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.043256998 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.043272972 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.043294907 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.043358088 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.043363094 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.043504953 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.043524027 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.043528080 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.043544054 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.043585062 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.043607950 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.043648005 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.043653011 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.043750048 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.043781042 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.043785095 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.043821096 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.043863058 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.043905973 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.043939114 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.043997049 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.044015884 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.044095039 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.044126034 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.044130087 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.044181108 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.044184923 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.044219971 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.044297934 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.044298887 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.044303894 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.044411898 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.044416904 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.044420958 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.044539928 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.044543982 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.044579983 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.044621944 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.044632912 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.044667959 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.044672012 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.044780970 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.044785023 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.044789076 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.044816017 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.044831991 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.084728003 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.084738970 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.085342884 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.158437967 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.158446074 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.158663988 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.158719063 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.158721924 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.158771992 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.158787966 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.158838034 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.158885002 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.158920050 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.159030914 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.159034967 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.159076929 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.159267902 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.159442902 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.159509897 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.159528971 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.159564972 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.159631968 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.159657001 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.159702063 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.159755945 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.159811020 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.159841061 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.159845114 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.159924030 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.159965992 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.160032988 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.160083055 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.160156965 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.160165071 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.160197973 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.160343885 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.160368919 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.160386086 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.160412073 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.160545111 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.160550117 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.160582066 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.160746098 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.160793066 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.160810947 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.160851002 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.160886049 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.160890102 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.160923004 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.160995007 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.160999060 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.161048889 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.161221981 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.161226034 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.161336899 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.161350965 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.161355972 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.161441088 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.161683083 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.161710978 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.161766052 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.161808014 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.161859989 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.161902905 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.161978960 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.161983967 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.162014961 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.162077904 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.162164927 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.162237883 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.162300110 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.162303925 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.162364960 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.162367105 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.162496090 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.162583113 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.162620068 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.162641048 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.162661076 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.162713051 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.162748098 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.162935019 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.162939072 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.162978888 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.163016081 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.163079977 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.163117886 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.163199902 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.163203955 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.163234949 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.163352013 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.163356066 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.163393974 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.163530111 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.163533926 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.163697958 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.163712025 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.163736105 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.163753986 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.163817883 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.163837910 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.163880110 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.164062977 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.164067030 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.164093971 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.164098024 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.164144039 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.164160967 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.164165020 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.164231062 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.164258957 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.164308071 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.164310932 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.164416075 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.164419889 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.164529085 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.164532900 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.164541960 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.164637089 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.164669037 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.164673090 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.164727926 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.164740086 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.164743900 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.164777040 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.164792061 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.164814949 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.164969921 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.164974928 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.164995909 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.165016890 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.165020943 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.165028095 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.165062904 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.165143013 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.165184021 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.165249109 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.165283918 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.165287018 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.165322065 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.165359974 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.165376902 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.165417910 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.165512085 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.165515900 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.165555954 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.165599108 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.165641069 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.165682077 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.165777922 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.165781975 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.165812016 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.165931940 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.165936947 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.165983915 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.166026115 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.166030884 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.166116953 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.166122913 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.166126966 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.166220903 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.166260958 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.166284084 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.166438103 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.166501045 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.166506052 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.166508913 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.166517973 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.166558027 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.166584015 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.166588068 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.166625023 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.166629076 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.166634083 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.166683912 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.166779995 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.166836977 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.166841030 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.166852951 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.166872025 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.166888952 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.166954994 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.166989088 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.166992903 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.167196035 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.167201042 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.167205095 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.167237043 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.167285919 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.167289019 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.167293072 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.167411089 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.167414904 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.167457104 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.167463064 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.167468071 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.167589903 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.167593956 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.167635918 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.167639971 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.167642117 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.167741060 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.167798042 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.167830944 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.167834997 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.167874098 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.167879105 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.167882919 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.167990923 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.167994976 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.168034077 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.168066978 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.168137074 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.168212891 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.168217897 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.168222904 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.168241978 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.168258905 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.168332100 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.168371916 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.168421030 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.168452024 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.168487072 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.168490887 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.168602943 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.168607950 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.168631077 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.168667078 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.168670893 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.168710947 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.168715000 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.168719053 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.168795109 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.168829918 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.168891907 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.168921947 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.168927908 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.168957949 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.168973923 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.168975115 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.169070005 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.169074059 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.169140100 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.169182062 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.169187069 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.169194937 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.169223070 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.169267893 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.169296980 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.169418097 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.176995039 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.177102089 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.177208900 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.177253962 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.177288055 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.177305937 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.177402020 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.177443027 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.177478075 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.177563906 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.177568913 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.177582979 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.177593946 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.177598953 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.177642107 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.177700043 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.177704096 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.177741051 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.177845955 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.177850962 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.177901983 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.177947998 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178020000 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.178071022 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178076029 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178090096 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178138018 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.178174019 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178203106 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178209066 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.178247929 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.178247929 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178251982 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178333044 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178376913 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.178407907 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178411961 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178421021 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178453922 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178471088 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.178530931 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178534985 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178544044 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178571939 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.178601027 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178606033 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178653955 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.178750992 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178755999 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178765059 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178769112 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178811073 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178813934 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178874016 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.178888083 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178891897 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178945065 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.178987026 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179008961 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.179044962 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179052114 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179074049 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179083109 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.179099083 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179137945 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.179187059 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179191113 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179296970 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179301023 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179317951 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.179344893 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179389000 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.179399014 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179434061 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179438114 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179481983 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179487944 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.179522991 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179558039 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.179639101 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.179671049 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179676056 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179704905 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179708958 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179747105 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.179780960 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179809093 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179863930 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179910898 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.179922104 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.179960012 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.180026054 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.180030107 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.180068016 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.180121899 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.180125952 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.180190086 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.180226088 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.180346966 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.180351019 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.180361032 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.180386066 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.180428028 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.180799007 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.180804014 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.180816889 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.180820942 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.180881023 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.180932999 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.180974007 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.181030035 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.181034088 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.181066036 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.181189060 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.181194067 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.181322098 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.204929113 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.204935074 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.204943895 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.204946995 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.205903053 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.278089046 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.278105021 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.278213024 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.278223038 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.278286934 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.278295994 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.278315067 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.278362989 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.278372049 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.278376102 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.278486013 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.278542042 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.278611898 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.278620958 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.278775930 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.278791904 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.278805971 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.278834105 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.278847933 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.278851032 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.278899908 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.278908968 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.279028893 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.279038906 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.279076099 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.279139042 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.279165030 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.279237986 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.279251099 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.279277086 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.279316902 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.279329062 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.279333115 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.279386997 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.279424906 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.279434919 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.279779911 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.279789925 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.279798031 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.279808044 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.279818058 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.279823065 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.279825926 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.279834986 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.279906034 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.279906988 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.279918909 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.280050993 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.280062914 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.280116081 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.280154943 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.280165911 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.280217886 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.280226946 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.280266047 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.280296087 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.280308008 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.280407906 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.280417919 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.280457020 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.280649900 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.280661106 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.280711889 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.280750036 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.280776978 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.280811071 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.280834913 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.280844927 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.280873060 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.280900955 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.280936956 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.280941010 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.280968904 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.280976057 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.281001091 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.281035900 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.281069040 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.281079054 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.281104088 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.281111956 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.281142950 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.281186104 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.281203032 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.281233072 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.281301022 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.281311035 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.281348944 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.281419039 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.281624079 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.281647921 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.281657934 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.281682968 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.281722069 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.281732082 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.281774998 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.281810045 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.281819105 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.281928062 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.281965971 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.281991005 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.282046080 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.282092094 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.282128096 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.282218933 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.282228947 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.282254934 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.282258034 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.282264948 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.282298088 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.282588959 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.282601118 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.282612085 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.282620907 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.282624006 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.282653093 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.282660961 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.282706976 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.282721043 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.282736063 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.282768011 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.282793045 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.282836914 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.282921076 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.282953024 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.282955885 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.282988071 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.283014059 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.283049107 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.283097029 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.283130884 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.283198118 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.283209085 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.283247948 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.283267975 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.283279896 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.283291101 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.283343077 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.283360004 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.283531904 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.283541918 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.283716917 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.283775091 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.283775091 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.283842087 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.283847094 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.283850908 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.283888102 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.283899069 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.283919096 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.284061909 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.284073114 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.284101963 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.284209013 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.284218073 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.284226894 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.284238100 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.284245968 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.284249067 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.284264088 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.284290075 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.284333944 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.284539938 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.284550905 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.284559965 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.284569025 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.284586906 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.284595966 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.284600019 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.284617901 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.284626961 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.284704924 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.284724951 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.284739971 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.284754038 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.284784079 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.284821033 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.284838915 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.284876108 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.285075903 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.285088062 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.285100937 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.285111904 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.285111904 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.285135031 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.285157919 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.285171032 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.285195112 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.285284996 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.285306931 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.285325050 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.285437107 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.285449028 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.285475016 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.285602093 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.285614967 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.285634041 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.285686970 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.285729885 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.285734892 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.285795927 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.285859108 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.285900116 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.285923004 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.285937071 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.285967112 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.285979033 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.285990953 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.286019087 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.286123037 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.286140919 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.286159039 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.286206961 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.286339998 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.286350012 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.286472082 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.286480904 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.286509037 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.286552906 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.286562920 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.286592007 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.286659002 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.286672115 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.286695957 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.286809921 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.286844969 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.286849976 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.286887884 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.286926985 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.286936998 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.286966085 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.286979914 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.287012100 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.287022114 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.287147045 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.287157059 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.287184954 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.287295103 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.287305117 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.287439108 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.287475109 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.287482023 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.287491083 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.287513018 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.287528038 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.287566900 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.287621021 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.287641048 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.287653923 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.287686110 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.287774086 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.287782907 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.287806988 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.287839890 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.287849903 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.287883043 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.287913084 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.287925005 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.287962914 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.288079977 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.288090944 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.288142920 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.288155079 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.288173914 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.288197041 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.288316965 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.288343906 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.288352966 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.288372040 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.288456917 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.288469076 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.288491011 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.288532972 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.288567066 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.288577080 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.288666964 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.288676977 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.288696051 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.288781881 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.288814068 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.288889885 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.288898945 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.288923025 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.288945913 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.288955927 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.288964033 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.288990974 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.289030075 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.289041996 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.289064884 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.289086103 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.289096117 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.289120913 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.289205074 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.289216995 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.289246082 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.289261103 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.289269924 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.289308071 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.289338112 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.289383888 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.289407015 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.289446115 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.289454937 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.289478064 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.289535046 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.289573908 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.289697886 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.289707899 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.289722919 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.289757967 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.289830923 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.289866924 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.289887905 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.289920092 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.289942980 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.289977074 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.290014029 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290045023 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.290060997 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290079117 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290088892 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290127039 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.290173054 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290183067 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290191889 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290218115 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.290231943 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290241003 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290249109 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290258884 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290261984 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.290280104 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290290117 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290323973 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.290405035 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290416002 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290469885 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290505886 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.290529013 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290549040 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290568113 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.290581942 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.290693998 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290707111 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290715933 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290756941 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.290782928 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290808916 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290819883 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.290841103 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.290926933 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290935993 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.290957928 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.290997982 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.291007042 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.291037083 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.291138887 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.291161060 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.291171074 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.291187048 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.291199923 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.291248083 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.291291952 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.291332006 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.291378021 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.291388035 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.291414022 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.291496038 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.291507006 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.291528940 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.291562080 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.291570902 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.291606903 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.291615009 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.291619062 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.291640997 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.291703939 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.291743040 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.291748047 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.291755915 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.291780949 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.291824102 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.291831017 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.291855097 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.291863918 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.291919947 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.292000055 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292009115 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292068958 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292082071 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292108059 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.292152882 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.292217016 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292244911 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.292311907 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292321920 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292340040 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292346954 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.292349100 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292367935 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292378902 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.292378902 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292390108 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292423964 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.292460918 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292474985 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292495012 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.292510033 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292515039 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.292519093 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292614937 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292624950 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292643070 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292671919 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292706966 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292751074 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292809963 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292891979 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292964935 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292975903 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.292992115 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.293045044 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.293055058 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.293092966 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.293114901 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.293143034 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.293203115 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.293212891 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.293245077 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.293287992 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.293297052 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.293373108 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.293382883 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.293427944 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.293435097 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.293443918 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.293502092 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.293509960 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.293538094 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.293581009 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.293621063 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.293653965 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.293705940 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.293726921 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.293739080 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.293786049 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.293860912 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.293874025 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.293889046 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.293896914 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.293915987 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.293930054 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.293957949 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.294001102 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.294004917 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.294101000 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.294158936 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.294197083 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.294223070 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.294259071 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.294295073 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.294306993 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.294334888 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.294358015 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.294399977 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.294456005 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.294469118 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.294491053 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.294492960 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.294538975 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.294553041 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.294564009 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.294588089 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.294605017 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.294626951 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.294629097 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.294661045 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.294713020 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.294779062 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.294810057 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.294924021 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.294936895 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.294966936 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.294982910 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.295000076 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.295005083 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.295052052 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.295094013 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.295222998 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.295233011 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.295286894 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.296519995 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.296633959 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.296714067 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.296752930 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.296763897 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.296802998 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.296829939 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.296863079 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.296879053 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.296906948 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.296912909 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.296961069 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.296972990 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.297060013 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.297070026 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.297094107 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.297152042 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.297163963 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.297188044 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.297247887 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.297259092 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.297292948 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.297424078 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.297475100 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.297509909 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.297530890 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.297539949 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.297559023 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.297693968 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.297710896 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.297734022 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.297821045 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.297856092 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.297858953 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.297951937 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.297961950 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.297986031 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.298058987 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.298069000 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.298105001 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.298193932 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.298202991 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.298232079 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.298249006 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.298285961 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.298295975 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.298356056 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.298366070 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.298398018 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.298404932 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.298438072 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.298463106 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.298556089 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.298567057 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.298593044 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.298676014 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.298686028 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.298713923 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.298737049 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.298791885 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.298801899 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.299284935 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.312475920 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.312485933 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.312519073 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.312647104 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.324033022 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.324321985 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.324331045 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.324335098 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.324340105 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.324373960 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.324409008 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.324506044 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.325153112 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.327491045 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.352349997 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.352370977 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.352411985 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.352519989 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.355668068 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.355679035 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.359293938 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.397366047 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.397382975 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.397576094 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.397584915 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.397645950 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.397655010 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.397666931 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.397717953 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.397728920 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.397737980 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.397775888 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.397793055 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.397866011 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.397876024 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.397892952 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.397954941 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.397978067 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.398086071 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.398107052 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.398130894 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.398149967 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.398161888 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.398175001 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.398216963 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.398257017 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.398269892 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.398303032 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.398317099 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.398359060 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.398376942 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.398463964 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.398505926 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.398538113 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.398562908 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.398592949 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.398592949 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.398621082 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.398682117 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.398710012 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.398716927 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.398745060 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.399131060 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.399162054 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.399291992 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.399666071 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.400310040 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.400470018 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.400506020 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.401283026 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401293039 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401305914 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401312113 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.401341915 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.401434898 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401464939 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.401516914 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401525974 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401540041 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401549101 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401557922 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401566982 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401572943 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.401590109 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401598930 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401607037 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401607990 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.401616096 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401624918 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401638985 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401648045 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.401648045 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401657104 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401665926 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401674986 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401676893 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.401684046 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401696920 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401705027 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401714087 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.401714087 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401721954 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401731014 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401738882 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.401740074 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401751041 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401758909 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401767969 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401776075 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401777983 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.401783943 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401793957 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401802063 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.401803017 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401813030 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401838064 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401838064 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.401846886 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401849985 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.401855946 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401865005 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401873112 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401876926 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.401882887 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401891947 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401896000 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401900053 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401905060 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.401911974 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401936054 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.401983023 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.401988983 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.401990891 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402170897 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402179956 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402184010 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402192116 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402203083 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402220964 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.402244091 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402277946 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.402354956 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402375937 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402384996 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402388096 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402396917 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402420998 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.402554989 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402564049 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402571917 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402580976 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402597904 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402600050 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.402606964 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402631044 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.402709961 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402745008 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.402842045 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402853012 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402872086 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402882099 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402882099 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.402890921 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.402903080 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.402916908 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.403019905 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.403028965 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.403038979 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.403057098 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.403168917 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.403178930 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.403187990 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.403218031 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.403294086 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.403321028 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.403331995 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.403351068 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.403383970 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.403433084 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.403441906 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.403453112 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.403460026 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.403465033 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.403481960 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.403482914 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.403548002 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.403759956 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.403770924 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.403816938 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.403821945 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.403857946 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.403875113 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.403898954 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.403908968 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.403918028 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.403925896 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.403980970 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.404000044 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.404006004 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.404011965 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.404017925 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.404025078 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.404028893 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.404047966 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.404095888 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.404154062 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.404441118 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.404450893 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.404459000 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.404467106 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.404476881 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.404484987 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.404495001 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.404504061 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.404512882 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.404517889 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.404644966 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.404654980 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.404707909 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.404966116 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.404974937 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.404984951 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.404993057 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.405002117 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.405004978 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.405020952 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.405033112 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.405040979 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.405070066 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.405107975 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.405141115 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.405427933 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.405438900 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.405442953 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.405446053 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.405450106 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.405453920 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.405463934 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.405472994 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.405478954 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.405482054 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.405491114 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.405499935 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.405509949 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.405531883 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.405728102 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.405762911 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.406084061 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.406096935 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.406105995 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.406112909 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.406115055 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.406136990 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.406550884 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.406560898 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.406569004 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.406578064 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.406586885 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.406589985 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.406594038 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.406601906 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.406601906 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.406605005 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.406614065 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.406618118 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.406625032 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.406634092 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.406644106 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.406686068 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.443685055 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.447958946 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.448035002 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.448079109 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.448131084 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.448177099 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.448223114 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.448266983 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.448313951 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.448370934 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.448421955 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.448472977 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.448532104 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.448571920 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.464467049 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.464721918 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.471590996 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.475326061 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.517198086 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.519525051 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.561511993 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.561744928 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.562144041 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.562201023 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.562242031 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.562294006 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.562340021 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.562385082 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.562433004 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.562483072 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.562530994 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.562587023 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.562643051 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.562701941 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.562751055 CET497026561192.168.2.765.21.119.48
                                            Dec 10, 2024 07:27:05.573132992 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.573165894 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.573242903 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.573256969 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.573518991 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.573570967 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.573580980 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.573621035 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.573703051 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.573892117 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.573961020 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.573971987 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.621608019 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.681330919 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.696508884 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.806617975 CET65614970265.21.119.48192.168.2.7
                                            Dec 10, 2024 07:27:05.807349920 CET497026561192.168.2.765.21.119.48

                                            UDP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Dec 10, 2024 07:26:59.692960978 CET6102153192.168.2.71.1.1.1
                                            Dec 10, 2024 07:26:59.830466032 CET53610211.1.1.1192.168.2.7

                                            DNS Queries

                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                            Dec 10, 2024 07:26:59.692960978 CET192.168.2.71.1.1.10x82fcStandard query (0)ip-api.comA (IP address)IN (0x0001)false

                                            DNS Answers

                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                            Dec 10, 2024 07:26:59.830466032 CET1.1.1.1192.168.2.70x82fcNo error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false

                                            HTTP Request Dependency Graph

                                            • ip-api.com

                                            HTTP Packets

                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            0192.168.2.749700208.95.112.1807128C:\Users\user\Desktop\mu3JuAyrj5.exe
                                            TimestampBytes transferredDirectionData
                                            Dec 10, 2024 07:26:59.958425045 CET97OUTGET /json/ HTTP/1.1
                                            Content-Type: application/json
                                            Host: ip-api.com
                                            Connection: Keep-Alive
                                            Dec 10, 2024 07:27:01.060622931 CET483INHTTP/1.1 200 OK
                                            Date: Tue, 10 Dec 2024 06:27:00 GMT
                                            Content-Type: application/json; charset=utf-8
                                            Content-Length: 306
                                            Access-Control-Allow-Origin: *
                                            X-Ttl: 60
                                            X-Rl: 44
                                            Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 73 75 63 63 65 73 73 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 72 65 67 69 6f 6e 22 3a 22 4e 59 22 2c 22 72 65 67 69 6f 6e 4e 61 6d 65 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 7a 69 70 22 3a 22 31 30 31 32 33 22 2c 22 6c 61 74 22 3a 34 30 2e 37 31 32 38 2c 22 6c 6f 6e 22 3a 2d 37 34 2e 30 30 36 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 22 2c 22 69 73 70 22 3a 22 4c 65 76 65 6c 20 33 22 2c 22 6f 72 67 22 3a 22 43 65 6e 74 75 72 79 4c 69 6e 6b 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 2c 20 4c 4c 43 22 2c 22 61 73 22 3a 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 22 71 75 65 72 79 22 3a 22 38 2e 34 36 2e 31 32 33 2e 32 32 38 22 7d
                                            Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.228"}


                                            Statistics

                                            CPU Usage

                                            Click to jump to process

                                            Memory Usage

                                            Click to jump to process

                                            High Level Behavior Distribution

                                            Click to dive into process behavior distribution

                                            Behavior

                                            Click to jump to process

                                            System Behavior

                                            General

                                            Target ID:2
                                            Start time:01:26:55
                                            Start date:10/12/2024
                                            Path:C:\Users\user\Desktop\mu3JuAyrj5.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Users\user\Desktop\mu3JuAyrj5.exe"
                                            Imagebase:0x208eb3f0000
                                            File size:380'416 bytes
                                            MD5 hash:6E94FA203E1FE5F9C0356B3624E39348
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000002.00000000.1267784449.00000208EB3F2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000002.00000002.1345581595.0000020880001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            General

                                            Target ID:9
                                            Start time:01:27:03
                                            Start date:10/12/2024
                                            Path:C:\Windows\System32\cmd.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\Desktop\mu3JuAyrj5.exe"
                                            Imagebase:0x7ff6795c0000
                                            File size:289'792 bytes
                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:10
                                            Start time:01:27:03
                                            Start date:10/12/2024
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff75da10000
                                            File size:862'208 bytes
                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:11
                                            Start time:01:27:03
                                            Start date:10/12/2024
                                            Path:C:\Windows\System32\choice.exe
                                            Wow64 process (32bit):false
                                            Commandline:choice /C Y /N /D Y /T 3
                                            Imagebase:0x7ff696050000
                                            File size:35'840 bytes
                                            MD5 hash:1A9804F0C374283B094E9E55DC5EE128
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:moderate
                                            Has exited:true

                                            Disassembly

                                            Reset < >

                                              Executed Functions

                                              Function 00007FFAAC7932A8 Relevance: 9.3, Strings: 6, Instructions: 1824COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$0#%$0#%$0#%$AWAV$O_L
                                              • API String ID: 0-736060027
                                              • Opcode ID: a720bb0e35a1623cb838f0791c9350bf5e35cc820bfd56cbf805cf8166370570
                                              • Instruction ID: 09b2afa3060d224eb4fc0e1ec74613fb06f797a5fafd1b01ecdfa79852cf1325
                                              • Opcode Fuzzy Hash: a720bb0e35a1623cb838f0791c9350bf5e35cc820bfd56cbf805cf8166370570
                                              • Instruction Fuzzy Hash: 67C2B331A189198FFB94EB6CD495AB877F1FF99310B1481B9D00EC7296CE29EC4687C0
                                              Function 00007FFAAC9F11B9 Relevance: 7.2, Strings: 4, Instructions: 2238COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$Xk!$Xk!$x!%
                                              • API String ID: 0-2312460351
                                              • Opcode ID: aa07bdeecc709fb8d7726ef9b5c833117b1fedf6fbcbdb65fc19c5da20fd102e
                                              • Instruction ID: 70c10fa9fbcf412dbe5c2f5580fdd40a2335c8d63e868e674761ed2022504084
                                              • Opcode Fuzzy Hash: aa07bdeecc709fb8d7726ef9b5c833117b1fedf6fbcbdb65fc19c5da20fd102e
                                              • Instruction Fuzzy Hash: 5AE2E335A1DA468FFBA8DB2C9855AB437D1EF5A300F1481B9D44EC72A3DE28EC4587C1
                                              Function 00007FFAACA03D28 Relevance: 3.1, Strings: 1, Instructions: 1880COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (
                                              • API String ID: 0-3887548279
                                              • Opcode ID: 6adb0494b5ad1f8a86f225563f94ceef6cee74f3d51b5beaa0a5d983f2a023c7
                                              • Instruction ID: b1c584bd00b03838008d59cbcfe51e5cc88d1540c16a8d7f1fd99ff0daca7c9b
                                              • Opcode Fuzzy Hash: 6adb0494b5ad1f8a86f225563f94ceef6cee74f3d51b5beaa0a5d983f2a023c7
                                              • Instruction Fuzzy Hash: 56E2AF7062DB899FEBA8DB18C494AB977E1FF99300F10856DD04EC7292DE34E845CB81
                                              Function 00007FFAAC9F710F Relevance: 2.4, Instructions: 2389COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e9148a0c21c61caa12b35fc2042101a13db9221fe8f35c05a0a41b72087ca7cb
                                              • Instruction ID: 12afe21fd36acef31b827bc0eb9dff05383fc2581e9609b686363c8121134620
                                              • Opcode Fuzzy Hash: e9148a0c21c61caa12b35fc2042101a13db9221fe8f35c05a0a41b72087ca7cb
                                              • Instruction Fuzzy Hash: 89135E7461DB85CFE7A9DB18C495AAA77E1FF99300F10856DD08EC7291CE34E846CB82
                                              Function 00007FFAACA02E89 Relevance: 2.1, Strings: 1, Instructions: 865COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (_L
                                              • API String ID: 0-1598577166
                                              • Opcode ID: b784b49d6d8dc2c2a0c23cef241af2b2f48f0e60f23e7530f067c20a1a763ff2
                                              • Instruction ID: 539d3e206f41daa39ff4743fcc564b2a8264fce074e80883d661ebe059f603c9
                                              • Opcode Fuzzy Hash: b784b49d6d8dc2c2a0c23cef241af2b2f48f0e60f23e7530f067c20a1a763ff2
                                              • Instruction Fuzzy Hash: 9C42C171A2AA4A9FFB98DB2C905467477D2FF99340F1481BDD04EC7682EE24EC4687C1
                                              Function 00007FFAAC9FD1C5 Relevance: .9, Instructions: 937COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 24348b9b12eedc844f180d6ee10146e15e0a98b1d39e6e29f7869aec6751a299
                                              • Instruction ID: acb2f4d4e379bef459cbf20f4f45de9d845c2bdf1228410ed18582f103fe15a3
                                              • Opcode Fuzzy Hash: 24348b9b12eedc844f180d6ee10146e15e0a98b1d39e6e29f7869aec6751a299
                                              • Instruction Fuzzy Hash: C5629371A19B49CFEB59DF28C844AA977F1FF59300F1481A9D40ECB296DE34E885CB80
                                              Function 00007FFAAC9FDB98 Relevance: .9, Instructions: 854COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ff76311b69c6e6d8a747454e111d744b4c6c109b59120c3c1a11c64a2f930ea2
                                              • Instruction ID: beb9b03ed22742dc92c68b71c73c1d2651369a331d5718c6ee5742a6e3872ff9
                                              • Opcode Fuzzy Hash: ff76311b69c6e6d8a747454e111d744b4c6c109b59120c3c1a11c64a2f930ea2
                                              • Instruction Fuzzy Hash: 0342C371A2CA469FEB98EB28D080AB573E2FF95340B14857DC04FC3996DE35F8468781
                                              Function 00007FFAAC9F0701 Relevance: .8, Instructions: 781COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 20018c946ab119f536639d45f87bad29c8ca083b46480525df0bfbf9fddb66f6
                                              • Instruction ID: b1881efb2e830ca320d4cff543120c599c8b72994d08bc60c50f43bd340b7169
                                              • Opcode Fuzzy Hash: 20018c946ab119f536639d45f87bad29c8ca083b46480525df0bfbf9fddb66f6
                                              • Instruction Fuzzy Hash: 3D32C13071DA098FEB68EB2C9855A6577E2FF59300F1441BAE44EC72A2DE24EC4687C1
                                              Function 00007FFAAC9F9A05 Relevance: .8, Instructions: 750COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 73d24e454b50c384108cff998b5e0a9af7dd1cc7ed12e2c6579c95968d1fd606
                                              • Instruction ID: fc94a2274440bd2238c9000a532cb6cca1dd43ee7de53a448bb77d6516c65aea
                                              • Opcode Fuzzy Hash: 73d24e454b50c384108cff998b5e0a9af7dd1cc7ed12e2c6579c95968d1fd606
                                              • Instruction Fuzzy Hash: DD32F364A1DB468BF758A72898556B477D2FF8A300F44817DE04FC72C3DE28E80A87C2
                                              Function 00007FFAAC9FDB20 Relevance: .7, Instructions: 740COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d38312f76be01ccd38582f0a7d31c92777f3388c4206674cee2a1025c8006bb4
                                              • Instruction ID: 54f5790c67e770d11501d21a1fbac55c73dde16aa6888c0420632a17494c8af1
                                              • Opcode Fuzzy Hash: d38312f76be01ccd38582f0a7d31c92777f3388c4206674cee2a1025c8006bb4
                                              • Instruction Fuzzy Hash: 70424D74A19B498FEBA8DB18C894BB973E1FF59300F1081B9D44EC7695DE34E885CB81
                                              Function 00007FFAACA06010 Relevance: .6, Instructions: 623COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ebb318c49e2abff2e674cc7894c8c7309dc3cdaa335f221fd68f1c298f4de4c8
                                              • Instruction ID: 1ec18898cc53129c8fc99434b9700d6976d2773501c0001f4934e70cd124581a
                                              • Opcode Fuzzy Hash: ebb318c49e2abff2e674cc7894c8c7309dc3cdaa335f221fd68f1c298f4de4c8
                                              • Instruction Fuzzy Hash: 8A12243191DB858FE7569B3898616717BE1EF57300B0981EED08DC7193EE28EC4AC782
                                              Function 00007FFAAC9FE92F Relevance: .4, Instructions: 417COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9c6d781a5b24bf7318b6db97e0baa38151027f230eb31819a879031bc943e92f
                                              • Instruction ID: 9447e197e632f73c7de45939d79fe2478ed1b7ca4a8a592319eaf441b339604e
                                              • Opcode Fuzzy Hash: 9c6d781a5b24bf7318b6db97e0baa38151027f230eb31819a879031bc943e92f
                                              • Instruction Fuzzy Hash: 40D1E572A08B599FE724EF2CE894AE5B7A0FF49315F14417ED04DC7692CA34A486CBC1
                                              Function 00007FFAAC792FFA Relevance: 8.5, Strings: 6, Instructions: 1033COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$0#%$0#%$0#%$AWAV$O_L
                                              • API String ID: 0-736060027
                                              • Opcode ID: 0fd3e637c37a7eaffff923fa0e24ae77378177d12916ad799df1a4e97066757c
                                              • Instruction ID: 3c9e3e1f8071f15a61513111ba3114c5a24e0aeae4965f2c6869b13db07a9268
                                              • Opcode Fuzzy Hash: 0fd3e637c37a7eaffff923fa0e24ae77378177d12916ad799df1a4e97066757c
                                              • Instruction Fuzzy Hash: 8362F972A0C5559FFB64FB6CE455AE93BA0EF45319B0881B6D04DCB2A3CD29E846C7C0
                                              Function 00007FFAAC7930A0 Relevance: 8.5, Strings: 6, Instructions: 962COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$0#%$0#%$0#%$AWAV$O_L
                                              • API String ID: 0-736060027
                                              • Opcode ID: 07e0160996c4e3aae0799a2616256e7e43df813c248c396a4445e6296a155979
                                              • Instruction ID: a3b1c3407692c362beb89761327bd74e8c75717e34ee6dad738179329baabadc
                                              • Opcode Fuzzy Hash: 07e0160996c4e3aae0799a2616256e7e43df813c248c396a4445e6296a155979
                                              • Instruction Fuzzy Hash: EB62F972A085598FFB64FB6CE455AE937E1EF45319B0881B6D04DCB2A3CD29E846C780
                                              Function 00007FFAAC793108 Relevance: 8.4, Strings: 6, Instructions: 916COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$0#%$0#%$0#%$AWAV$O_L
                                              • API String ID: 0-736060027
                                              • Opcode ID: e7e8d5a025642ffcdd54a403ddcffc0b71dc9bf369325bc3cd178a52917c229b
                                              • Instruction ID: 0bf5890701d70cd3644812c1db91eb7d5cf7aff63b72ef155b70c60522dd8fef
                                              • Opcode Fuzzy Hash: e7e8d5a025642ffcdd54a403ddcffc0b71dc9bf369325bc3cd178a52917c229b
                                              • Instruction Fuzzy Hash: 0052E972A085598FFBA4FB6CD455AE837E1EF55315B0481B6D04DCB2A3CE29E846C780
                                              Function 00007FFAAC793338 Relevance: 8.2, Strings: 6, Instructions: 664COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$0#%$0#%$0#%$AWAV$O_L
                                              • API String ID: 0-736060027
                                              • Opcode ID: ffc0ebe98408d94748dfe7deb6259b00de1cf425a87a4999669a4009fa6b54c5
                                              • Instruction ID: 26b29b7f43317560a88541df6096c388890b38d412851b12ce6eead6ade4e634
                                              • Opcode Fuzzy Hash: ffc0ebe98408d94748dfe7deb6259b00de1cf425a87a4999669a4009fa6b54c5
                                              • Instruction Fuzzy Hash: 7022A531A19959CFEB94EB6CD454AA877F1FF59305F1481B9D00EC72A2CE29EC46CB80
                                              Function 00007FFAAC793B44 Relevance: 6.9, Strings: 5, Instructions: 625COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$0#%$0#%$0#%$O_L
                                              • API String ID: 0-1398581991
                                              • Opcode ID: 5b4bad496470d033d7b60f5aded28e6526f1bc8ee0697183fc59892a6e3e4a85
                                              • Instruction ID: 7da3d54d243ebb10c511b064c900478d0f5a0137fe04b0dfa85cea0f5e5038b1
                                              • Opcode Fuzzy Hash: 5b4bad496470d033d7b60f5aded28e6526f1bc8ee0697183fc59892a6e3e4a85
                                              • Instruction Fuzzy Hash: 4B126231A19919CFEB98EB5CC495A7877F1FF99301B1441B9D00EC72A6DE29EC46CB80
                                              Function 00007FFAAC793C27 Relevance: 6.9, Strings: 5, Instructions: 617COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$0#%$0#%$0#%$O_L
                                              • API String ID: 0-1398581991
                                              • Opcode ID: ef5296989cc98ba40ed8820e581ac0fe9466ef7f02075647b4d7242d2cbe56b3
                                              • Instruction ID: e82201dfd140e5c54131bdbdd0f114e4c0279dcb899c3be5b87a19b9aec83071
                                              • Opcode Fuzzy Hash: ef5296989cc98ba40ed8820e581ac0fe9466ef7f02075647b4d7242d2cbe56b3
                                              • Instruction Fuzzy Hash: 8D127531A19949CFEBD8EB5CC454A6877F1FF99304B1541B9D00ECB2A2DE29EC46CB80
                                              Function 00007FFAAC793CB6 Relevance: 6.8, Strings: 5, Instructions: 592COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$0#%$0#%$0#%$O_L
                                              • API String ID: 0-1398581991
                                              • Opcode ID: 45e21cb63edd2082d8216c3643c4334e4d1e3316d4289682562a945265d8f86d
                                              • Instruction ID: f25d07a70c3c8cb3a1e354df67cf64f8f4e8ea07660469e99b95220356a8d4eb
                                              • Opcode Fuzzy Hash: 45e21cb63edd2082d8216c3643c4334e4d1e3316d4289682562a945265d8f86d
                                              • Instruction Fuzzy Hash: 6E126331A19909CFEB98EB5CC495A7877F1FF99304B1541B9D00EC72A6CE29EC46CB80
                                              Function 00007FFAAC793BF5 Relevance: 6.8, Strings: 5, Instructions: 563COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$0#%$0#%$0#%$O_L
                                              • API String ID: 0-1398581991
                                              • Opcode ID: 3042cf419e2ce43de5e192e1785f2a5ab9f9fceba89318d94b08f79cac82e000
                                              • Instruction ID: 107657504c71ada58d51bdcff29fe1278f7284dd10c178d4f4cc905198505340
                                              • Opcode Fuzzy Hash: 3042cf419e2ce43de5e192e1785f2a5ab9f9fceba89318d94b08f79cac82e000
                                              • Instruction Fuzzy Hash: 7E025231A19919CFEBD8EB5CC494A6877F1FF99304B1541B9D00EC72A5CE29EC46CB80
                                              Function 00007FFAAC793BDA Relevance: 6.8, Strings: 5, Instructions: 549COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$0#%$0#%$0#%$O_L
                                              • API String ID: 0-1398581991
                                              • Opcode ID: 33d241bae0eb66c288c1cd1bd84d9968dd208a0272528e0720b2e63e1396c16b
                                              • Instruction ID: b475772d62370e24bdf6a92402ab03174b29a0343d1c92b91c0a3b2ba134a4d9
                                              • Opcode Fuzzy Hash: 33d241bae0eb66c288c1cd1bd84d9968dd208a0272528e0720b2e63e1396c16b
                                              • Instruction Fuzzy Hash: 76024231A19919CFEB98EB5CC494A6877F1FF99304F1541B9D00EC72A6DE29EC46CB80
                                              Function 00007FFAAC793B0D Relevance: 6.8, Strings: 5, Instructions: 544COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$0#%$0#%$0#%$O_L
                                              • API String ID: 0-1398581991
                                              • Opcode ID: c4c893f419ceab016130d3bcda6dd42d198064895dfb31a7b0815f5e5d0a8ad1
                                              • Instruction ID: fcfdf7e3552a7088b3904e65f1c12ce6aaa8a54e4353d076da2a453121b9b0f5
                                              • Opcode Fuzzy Hash: c4c893f419ceab016130d3bcda6dd42d198064895dfb31a7b0815f5e5d0a8ad1
                                              • Instruction Fuzzy Hash: 8C025231A18919CFEB98EB5CC495A6877F1FF99301F1541B9D00EC72A5DE29EC46CB80
                                              Function 00007FFAAC9F012F Relevance: 5.5, Strings: 4, Instructions: 478COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$0X%$9*_H$x!%
                                              • API String ID: 0-3742114875
                                              • Opcode ID: 1ed211915d8604c9aec266573a04ca29be9913ff9ed2425948d3eb33c7924247
                                              • Instruction ID: ee78afd21bf95fccf006e8bc15a1702a1e0cc45d11b1a6cf5b452d174d510d9b
                                              • Opcode Fuzzy Hash: 1ed211915d8604c9aec266573a04ca29be9913ff9ed2425948d3eb33c7924247
                                              • Instruction Fuzzy Hash: F0E1B275A1DB4A8FFB94DB6C8895AB87BE1FF9A300B0440B9D04DC7696DE24EC0587C1
                                              Function 00007FFAAC794304 Relevance: 2.9, Strings: 2, Instructions: 357COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$0#%
                                              • API String ID: 0-1972909233
                                              • Opcode ID: d48ec2dfaea4d77f5e7fffd269393bf8419c83594ca926a02a7dc44906370a9e
                                              • Instruction ID: 59b715e156f8cfabf480a12ba66101c579aa6778d65d05c28e5613a885912293
                                              • Opcode Fuzzy Hash: d48ec2dfaea4d77f5e7fffd269393bf8419c83594ca926a02a7dc44906370a9e
                                              • Instruction Fuzzy Hash: 47B13030A19919CFEB98EB5CD454A6873E1FF99305B1541B9D00EC72A1DE2AEC46CB80
                                              Function 00007FFAAC7942C1 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$0#%
                                              • API String ID: 0-1972909233
                                              • Opcode ID: 7182c1cea7d0a7cac2baa87bdd7672e33116429e6345f4ee2cc9025d4ac79574
                                              • Instruction ID: e73fcefe45f3a01cce071d94fe108b4c921126fdadb1344234abc8ee124ca724
                                              • Opcode Fuzzy Hash: 7182c1cea7d0a7cac2baa87bdd7672e33116429e6345f4ee2cc9025d4ac79574
                                              • Instruction Fuzzy Hash: 5EB14E71A19919CFEB98EB1CD458B6873E1FF99305F1541B9D00EC72A1CE2AEC46CB80
                                              Function 00007FFAAC794288 Relevance: 2.8, Strings: 2, Instructions: 347COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$0#%
                                              • API String ID: 0-1972909233
                                              • Opcode ID: 337a59fa583ce0219f46e65591569a0036b8f6082b8a0100aca74aff40f40755
                                              • Instruction ID: 33be030bbef84f9c713355df6411aea4f3e90d99c12e61d1012f9a81ea7d5487
                                              • Opcode Fuzzy Hash: 337a59fa583ce0219f46e65591569a0036b8f6082b8a0100aca74aff40f40755
                                              • Instruction Fuzzy Hash: 54B14F70A19919CFEB98EB5CD458A6873E1FF99305F1541B9D00EC72A1DE2AEC46CB80
                                              Function 00007FFAAC79436C Relevance: 2.8, Strings: 2, Instructions: 337COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$0#%
                                              • API String ID: 0-1972909233
                                              • Opcode ID: c85628d0bdcb01ff2cfd9d6d89de4716c62fe838e6b0405d2b0dcbfde64ee6ad
                                              • Instruction ID: 7c24c26df431be545c614af484018a284e47f0b86d08b9c72d5601bfcd3c6f94
                                              • Opcode Fuzzy Hash: c85628d0bdcb01ff2cfd9d6d89de4716c62fe838e6b0405d2b0dcbfde64ee6ad
                                              • Instruction Fuzzy Hash: 1BB14230A19919CFEB98EB5CD458B6873E1FF99305F1541B9D00EC72A1CE26EC46CB80
                                              Function 00007FFAAC7943BC Relevance: 2.8, Strings: 2, Instructions: 335COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$0#%
                                              • API String ID: 0-1972909233
                                              • Opcode ID: a5dfa84399ab20b97ed8d17f0dcea075245d463c8b61e9cb7dfd8afe6bd90af5
                                              • Instruction ID: 8f7ab53629baba38de265420d6a50faf4c2502ee834a4f6e8a235712585a91a1
                                              • Opcode Fuzzy Hash: a5dfa84399ab20b97ed8d17f0dcea075245d463c8b61e9cb7dfd8afe6bd90af5
                                              • Instruction Fuzzy Hash: 84B14031A19919CFEB98EB1CD458B6873E1FF99305F1541B9D00EC72A1DE2AEC46CB80
                                              Function 00007FFAAC794343 Relevance: 2.8, Strings: 2, Instructions: 331COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$0#%
                                              • API String ID: 0-1972909233
                                              • Opcode ID: 0dbe875bf806744f49cbf252f9f7fbe3f5013956c6d0641df4594a4b23ad582d
                                              • Instruction ID: 10624aaa76e6a35eaf339d9adfb8574075a6a3346b35f55183130ceb2a767b45
                                              • Opcode Fuzzy Hash: 0dbe875bf806744f49cbf252f9f7fbe3f5013956c6d0641df4594a4b23ad582d
                                              • Instruction Fuzzy Hash: F7A13131A19919CFEB98EB5CD498B6873E1FF99305F1541B9D00EC72A1CE26EC46CB80
                                              Function 00007FFAAC794268 Relevance: 2.8, Strings: 2, Instructions: 326COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$0#%
                                              • API String ID: 0-1972909233
                                              • Opcode ID: 17139504d22fa9c43eb67483750d479d61704856c2981aadbf12ffc84c867120
                                              • Instruction ID: fce009ff6cdd25c9e36e5d1c3376bfe5f58465ca65e94005d8a6f3c843083028
                                              • Opcode Fuzzy Hash: 17139504d22fa9c43eb67483750d479d61704856c2981aadbf12ffc84c867120
                                              • Instruction Fuzzy Hash: B1A13F70A19919CFEB98EB5CD458A6873F1FF99305F1541B9D00EC72A1DE2AEC46CB80
                                              Function 00007FFAAC79439F Relevance: 2.8, Strings: 2, Instructions: 326COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$0#%
                                              • API String ID: 0-1972909233
                                              • Opcode ID: 5437789b5f6ed490e9a3b69b78d622c8d67a816b830dfc889fb8e64b8c17a4cc
                                              • Instruction ID: fce009ff6cdd25c9e36e5d1c3376bfe5f58465ca65e94005d8a6f3c843083028
                                              • Opcode Fuzzy Hash: 5437789b5f6ed490e9a3b69b78d622c8d67a816b830dfc889fb8e64b8c17a4cc
                                              • Instruction Fuzzy Hash: B1A13F70A19919CFEB98EB5CD458A6873F1FF99305F1541B9D00EC72A1DE2AEC46CB80
                                              Function 00007FFAAC794336 Relevance: 2.8, Strings: 2, Instructions: 325COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$0#%
                                              • API String ID: 0-1972909233
                                              • Opcode ID: 7fb220a276fc05096675814e4894302823d9aa296ccdc318fcc8bbabec1cabcb
                                              • Instruction ID: b878143de88998b0f7ab0bc5600bee1cde58af8493a9d6165cc1852f9cbfc199
                                              • Opcode Fuzzy Hash: 7fb220a276fc05096675814e4894302823d9aa296ccdc318fcc8bbabec1cabcb
                                              • Instruction Fuzzy Hash: FCA14070A19919CFEB98EB1CD458B6873E1FF99305F1541B9D00EC72A1CE2AEC46CB80
                                              Function 00007FFAACA09BAA Relevance: 2.8, Strings: 2, Instructions: 315COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 1$m
                                              • API String ID: 0-402893558
                                              • Opcode ID: dc1d946d8ba1c9cd58ae6f6aca7b55da0fd0c0f8d1eac8f5e4439ced8ddf4998
                                              • Instruction ID: 26a0181fe7a700a739f4313ae79c0d91d9ecb3e625f56aae797e7a6ef86867a3
                                              • Opcode Fuzzy Hash: dc1d946d8ba1c9cd58ae6f6aca7b55da0fd0c0f8d1eac8f5e4439ced8ddf4998
                                              • Instruction Fuzzy Hash: 8BC1B0B09187459FF799DB28C4557B5BBE1FF59304F0081BDE04EC7682DE389A868B42
                                              Function 00007FFAAC9F021E Relevance: 2.8, Strings: 2, Instructions: 278COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%$9*_H
                                              • API String ID: 0-1245966708
                                              • Opcode ID: 2d6a07984869f9eb86e47c45417008755e9a438a3bf270407850a94cdd795b16
                                              • Instruction ID: d450c16f19603b45f7915756e047b85656ace8a93ddc5e346f21d00f9474799c
                                              • Opcode Fuzzy Hash: 2d6a07984869f9eb86e47c45417008755e9a438a3bf270407850a94cdd795b16
                                              • Instruction Fuzzy Hash: EF81C365A1DB4ACFFB95DB6C8C956B83BE1EF9A304B0440A9D04DC7692DE24EC0687C1
                                              Function 00007FFAAC9F0E1D Relevance: 2.6, Strings: 2, Instructions: 141COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: -*_H$0#%
                                              • API String ID: 0-1037086398
                                              • Opcode ID: b1cd193e1327702bcf2bb41bf182a9f88a961c51d0020cfe15dc69ea80c72024
                                              • Instruction ID: 88955dbacc2ef35d8205206282a91bdfc4fe84ac934cd5bc58430ba6cfbee729
                                              • Opcode Fuzzy Hash: b1cd193e1327702bcf2bb41bf182a9f88a961c51d0020cfe15dc69ea80c72024
                                              • Instruction Fuzzy Hash: DA316A2170DA494FF798DB2CD845AB53BE6EF9A35070581B9D84EC7297CD28EC4683C0
                                              Function 00007FFAAC9F0E40 Relevance: 2.6, Strings: 2, Instructions: 121COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: -*_H$0#%
                                              • API String ID: 0-1037086398
                                              • Opcode ID: 5666708819891b6e4c82e51bbb6f5e3ebae8b54b38764bad17cbd6de5a54ca92
                                              • Instruction ID: e97404f32ca5af3ec9b6245a76b589322eb0b56ad853468d46f0a8805e6f0bc5
                                              • Opcode Fuzzy Hash: 5666708819891b6e4c82e51bbb6f5e3ebae8b54b38764bad17cbd6de5a54ca92
                                              • Instruction Fuzzy Hash: 5231542171DA494FA798EB2CD885A753BD6EF9A36071550B9D84EC3297CD24EC4283C0
                                              Function 00007FFAACA132A0 Relevance: 1.8, Strings: 1, Instructions: 576COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: '_L
                                              • API String ID: 0-1410604339
                                              • Opcode ID: 49a3114618a0eb91e15a0de01a6a96229ffb8cc2e7a6c0921f2dbebea773c2b1
                                              • Instruction ID: ca59619f1cc0a9d980912520a8f7436c4bca72bcb2d40f615ef249f738159281
                                              • Opcode Fuzzy Hash: 49a3114618a0eb91e15a0de01a6a96229ffb8cc2e7a6c0921f2dbebea773c2b1
                                              • Instruction Fuzzy Hash: 7F02E26191E7C28FE7579B3858295747FA2AF57310B0981FBD04ECB1E3EE099C498392
                                              Function 00007FFAAC9F52E0 Relevance: 1.7, Strings: 1, Instructions: 448COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: [
                                              • API String ID: 0-2256786511
                                              • Opcode ID: 6d5ea524ea65ee206e0b7c607c2f111f7344c0024c62728d4f30adf4fa1a87c7
                                              • Instruction ID: 5edbe8f179bfc4eef581783a631aaa3286e1f76eaa154a35a050e4de82134b71
                                              • Opcode Fuzzy Hash: 6d5ea524ea65ee206e0b7c607c2f111f7344c0024c62728d4f30adf4fa1a87c7
                                              • Instruction Fuzzy Hash: 3AE1A734A19B0ACFEB94DB18C495A71B3E2FF5A304B5481B9C04DD7686CE25EC8AC7C1
                                              Function 00007FFAACA06BCD Relevance: 1.4, Strings: 1, Instructions: 131COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0#%
                                              • API String ID: 0-3812812541
                                              • Opcode ID: abdcb6a145882b79ed56574b3feb2fd7f96eb093eb511cfa55a1f1ad40307e36
                                              • Instruction ID: d924bbafadb200ca7ad9bf3e40b3b04abc3212c8ac195780f3ae6ff53f10a2cd
                                              • Opcode Fuzzy Hash: abdcb6a145882b79ed56574b3feb2fd7f96eb093eb511cfa55a1f1ad40307e36
                                              • Instruction Fuzzy Hash: BD310932B1DA094FEBD4EB2CE8546B477D2EF8A25174581F6D44DC7192ED15DC468380
                                              Function 00007FFAACA08031 Relevance: 1.3, Strings: 1, Instructions: 67COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: "/_H
                                              • API String ID: 0-1565143373
                                              • Opcode ID: 6389b555d291054dedc54f08172863d85287ac1a5f4a2b437acdfa3edb44f32a
                                              • Instruction ID: ab692ffe7c2c8724ea01be6dee70662b577472a39f08d6b2b52776dd8899ffd8
                                              • Opcode Fuzzy Hash: 6389b555d291054dedc54f08172863d85287ac1a5f4a2b437acdfa3edb44f32a
                                              • Instruction Fuzzy Hash: 6D11E181A2EBC54FE7A7573458662B43FA2AF57240B4A40F7D04DCB5D3ED1C9C0A8396
                                              Function 00007FFAAC9F2D49 Relevance: 1.0, Instructions: 965COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 662792847d98e066dd8ee06d6886b2222d4160647bad1a6ac091b3f85c5ac464
                                              • Instruction ID: 4ad4f97189e75502b86a5f92f07e4efa9f0e086a8f8b8344e3821efecd6c4103
                                              • Opcode Fuzzy Hash: 662792847d98e066dd8ee06d6886b2222d4160647bad1a6ac091b3f85c5ac464
                                              • Instruction Fuzzy Hash: E6527F3020DA498FEBD6EF2CD494AA43BE1FF9A340B1540E6D49DCB2A3DD25EC458791
                                              Function 00007FFAAC9FF958 Relevance: .8, Instructions: 811COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f7d8bd34d149f9ff73955a56edaefda3db215dd9cea935ab9c4054cc003a14f4
                                              • Instruction ID: 29078803ff554716585d73a526a2fa2fa5984ef433ef149d4c1dbfb418712101
                                              • Opcode Fuzzy Hash: f7d8bd34d149f9ff73955a56edaefda3db215dd9cea935ab9c4054cc003a14f4
                                              • Instruction Fuzzy Hash: 21323430A1DA4A9FE798DB18D4956B1B7E2FF96340B1481BDD04EC7292EE24EC46C7C1
                                              Function 00007FFAACA05561 Relevance: .7, Instructions: 711COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a4bce828e526d42f71778b3b3482906efad9374b40545d3e7bb4100a1d1baa41
                                              • Instruction ID: e9d57434f0adc454c5c95388f1d7a1e5a4618c1842310a604038f329e87d253e
                                              • Opcode Fuzzy Hash: a4bce828e526d42f71778b3b3482906efad9374b40545d3e7bb4100a1d1baa41
                                              • Instruction Fuzzy Hash: 3C32AF70A29A098FEB98EB18C485AB9B7E1FF95340F1045BDD04EC7696DE34F845CB81
                                              Function 00007FFAAC9F4AFD Relevance: .5, Instructions: 510COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2c482fbeca327e3f054341ce5a393125e61260f2759024fb988a55c3877fd17c
                                              • Instruction ID: 36a49f8e813eb97868780382642b9c5193646895fc8c6c9260b00140e6970a8c
                                              • Opcode Fuzzy Hash: 2c482fbeca327e3f054341ce5a393125e61260f2759024fb988a55c3877fd17c
                                              • Instruction Fuzzy Hash: DFE1F231A1DB4A8FE799EB28885467573E1FF9A310F0485BED44EC3692DE24F84687C1
                                              Function 00007FFAAC9FDBA0 Relevance: .5, Instructions: 486COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: eaa0652d1f61fe9c88dc6281425b3d51c1fb7070d9d6f36464c278ee4a3505fe
                                              • Instruction ID: 2c3733eb5fd816836fa62bfe3bc502c293465c7de9ae6fb92afa2c28ad88bebc
                                              • Opcode Fuzzy Hash: eaa0652d1f61fe9c88dc6281425b3d51c1fb7070d9d6f36464c278ee4a3505fe
                                              • Instruction Fuzzy Hash: E0E1E53161DA099FE798DB1CD885AB173E2FB96350B1481B9D04EC7292EE25FC46C7C0
                                              Function 00007FFAAC7908AD Relevance: .4, Instructions: 389COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7364b69b7b18927f05bb23be3a297b8e95c156c40810a4853b03c947ae3e3bde
                                              • Instruction ID: a83a1f3593599ca7f295c35b050f4e3c18965fb2c75e2b6cd3b134daf3cfee90
                                              • Opcode Fuzzy Hash: 7364b69b7b18927f05bb23be3a297b8e95c156c40810a4853b03c947ae3e3bde
                                              • Instruction Fuzzy Hash: F0D19D6191DB8A8FE786DB7CC458BA97FF1EF9B310F0441E6C049CB2A3CA295849C751
                                              Function 00007FFAAC9F6765 Relevance: .4, Instructions: 381COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 237f75bb15a30a3d264935b137939c3596a9357b56bd09b2aeaaf11204b0e501
                                              • Instruction ID: 1e8114592f0f3b1c2d70ed1da9ba73a0fdea3d44e89619db53a48853aff7c0d0
                                              • Opcode Fuzzy Hash: 237f75bb15a30a3d264935b137939c3596a9357b56bd09b2aeaaf11204b0e501
                                              • Instruction Fuzzy Hash: A9B18529B1EB0B8BFE959B2819513B523D2EF97344F5480BED40DC72C6DD19EC4A86C1
                                              Function 00007FFAACA00CF5 Relevance: .4, Instructions: 376COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 074f3f4d3b797c48893b2f0be1169ead2c9aed12362731f2c3d03b76f4de867c
                                              • Instruction ID: a541e511064feb0684302188f1f8cffef542608d3fbb403ca54127de3df54afc
                                              • Opcode Fuzzy Hash: 074f3f4d3b797c48893b2f0be1169ead2c9aed12362731f2c3d03b76f4de867c
                                              • Instruction Fuzzy Hash: A3C19D30618A469FEB98EB18D080AB573E2FF95344F1481BDD04EC7696DE39F886C781
                                              Function 00007FFAAC9FDB80 Relevance: .3, Instructions: 347COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 12d0264661c8a307416cdae6a27464b6b431378b54980cd0c6860d283591fedf
                                              • Instruction ID: eca3f9041b19bd2f980412d1b2be754a00ae2c68019a13109c0ac69574979c97
                                              • Opcode Fuzzy Hash: 12d0264661c8a307416cdae6a27464b6b431378b54980cd0c6860d283591fedf
                                              • Instruction Fuzzy Hash: CAC16B34A19B4A8FFBA8DB28C49477577E1EF55304F1485B9C44E87686CB39E88AC7C0
                                              Function 00007FFAAC9F53E8 Relevance: .3, Instructions: 345COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1c1cdcee3344a44d036cd9e74386a31766a856a380020da60b9f7b9fb1a8d00b
                                              • Instruction ID: dcdecd1c5e3b74058931edef91f2d42aa172a31baf5d5697ef718c8020aeed46
                                              • Opcode Fuzzy Hash: 1c1cdcee3344a44d036cd9e74386a31766a856a380020da60b9f7b9fb1a8d00b
                                              • Instruction Fuzzy Hash: 1AA15862A0DB869FF769A73CC8666F477D1EF46314B0841B9D04EC3593CE18E80683C1
                                              Function 00007FFAACA09499 Relevance: .3, Instructions: 343COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f21af4aa0cf5cd925f1d501726964e0ae2b3064b211d87dc8be016ee29c9ef46
                                              • Instruction ID: de5c70f4fa29ae989d57281054da2598f1b2629d5d5a9903f4b2f7e4854e0cb4
                                              • Opcode Fuzzy Hash: f21af4aa0cf5cd925f1d501726964e0ae2b3064b211d87dc8be016ee29c9ef46
                                              • Instruction Fuzzy Hash: 8DA1B330A2CA0A9FE698EB289455A75B3E2FB99340F50C57DD04EC3686DE34FC4687C1
                                              Function 00007FFAAC9F3C61 Relevance: .3, Instructions: 337COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a32fe5b25d34f510cc1c2291ad1eb16792846892716f988dbf869211c2803a4f
                                              • Instruction ID: 5088a3bcb5d42ef75eeb51ed3bd8e958a947ee8f09f7e8909372281e7214e1e4
                                              • Opcode Fuzzy Hash: a32fe5b25d34f510cc1c2291ad1eb16792846892716f988dbf869211c2803a4f
                                              • Instruction Fuzzy Hash: 38B19234A18B09CFEB98EB2CC855A687BF1FF5A304B1441A9D44DC72A2DE25E845CBC1
                                              Function 00007FFAACA098A5 Relevance: .3, Instructions: 327COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a19407bf7f69cd78bcc1931b29e2f4a13f50b0c2d81973514e2dcbd68dd56da5
                                              • Instruction ID: babad553017083e9655a479fab96bbc10f456d0f747247595d0104419cb772ea
                                              • Opcode Fuzzy Hash: a19407bf7f69cd78bcc1931b29e2f4a13f50b0c2d81973514e2dcbd68dd56da5
                                              • Instruction Fuzzy Hash: BDA14970A1DB899FE796AB289451AB47BF1EF46310F0441EAD04DC71E3DE28EC4AC791
                                              Function 00007FFAAC9F4118 Relevance: .3, Instructions: 297COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: aeb9b81c83c2963ea43efebd517aad3778c900be894824c0b386eeb3ed498dc2
                                              • Instruction ID: ef1d9ffda40918ea057fa4aa5acbd6d81e7366a7d77b942a93964abcfb60b5d1
                                              • Opcode Fuzzy Hash: aeb9b81c83c2963ea43efebd517aad3778c900be894824c0b386eeb3ed498dc2
                                              • Instruction Fuzzy Hash: D6919074A19B0A8BF6A8EF18885567673E2FF99300F14817DD44EC3696DE34F84A87C1
                                              Function 00007FFAAC9FB979 Relevance: .3, Instructions: 280COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6557accec6c907633218009c7ca7c91dd7c82037499fcb3b5e5c15979451e652
                                              • Instruction ID: a0c8418f07a898222a7db30ec3bb21c6e07ef6b6ed8082985ff95cbc689df9d3
                                              • Opcode Fuzzy Hash: 6557accec6c907633218009c7ca7c91dd7c82037499fcb3b5e5c15979451e652
                                              • Instruction Fuzzy Hash: ED81B030A1DB498FEB98DF2C9845AB977E1FF9A310F10417AD44EC7292DE24E84687C1
                                              Function 00007FFAAC9FDE40 Relevance: .3, Instructions: 279COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e79df82c38800415173e4b82b5f71736021476f03d18d49b7a41a1ca5884cfa1
                                              • Instruction ID: 1d18d05df377344efc79736cc7467746810f5a301041bccbf903a25f7b2f3b75
                                              • Opcode Fuzzy Hash: e79df82c38800415173e4b82b5f71736021476f03d18d49b7a41a1ca5884cfa1
                                              • Instruction Fuzzy Hash: CF81913161CB088FEB18DB1CD8469B977E1FB99721B04426FE44ED7652DE21F8468BC1
                                              Function 00007FFAAC9F5C60 Relevance: .3, Instructions: 270COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 83186caf2e9479903e1781f17e2a3cc4bbcbc3a42e956544531b5dd4c2faad88
                                              • Instruction ID: 456e5e87ed20cbe19c9b881e3945bbcd4eb3426e6f08918585d60e943125c5df
                                              • Opcode Fuzzy Hash: 83186caf2e9479903e1781f17e2a3cc4bbcbc3a42e956544531b5dd4c2faad88
                                              • Instruction Fuzzy Hash: 62818C31619B05CBFBA4EB19C884A7273E1FF59310F14857ED44EC76A1DA29F8898BC0
                                              Function 00007FFAACA06518 Relevance: .2, Instructions: 235COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 62f402f148b747128a27d47ecd0a6704a90068f1bbc89ad730098dab8a344091
                                              • Instruction ID: 9002ce5b3df6ae9094215e109bec90f724704549b9c884dad3384e150dc28c66
                                              • Opcode Fuzzy Hash: 62f402f148b747128a27d47ecd0a6704a90068f1bbc89ad730098dab8a344091
                                              • Instruction Fuzzy Hash: 6C51F721B2DA4A8FF798A33CA4596B967D3EF9921070481BAD40FC35D7EE18EC4583C1
                                              Function 00007FFAAC9FAF5D Relevance: .2, Instructions: 216COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 78500e7dbb652ee87fe5708395136af193b67951c48e706bc54de494ce62b34b
                                              • Instruction ID: 6c7af2d052a6277724d410b9ea5def205586afbbb2e9eab5ed3ea4607dc6e568
                                              • Opcode Fuzzy Hash: 78500e7dbb652ee87fe5708395136af193b67951c48e706bc54de494ce62b34b
                                              • Instruction Fuzzy Hash: 3F618F34A19B05CBEB68DB18D841A71B3E2FF9A314F24857DD08E83695CE35F88687C5
                                              Function 00007FFAAC9F58F4 Relevance: .2, Instructions: 209COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bf4a279229e91ff7274417d7b490a058b3e00261f6e203f256527168c37f17f2
                                              • Instruction ID: 1359e0c3c2ce70329d8345a5526a03c8b0e25f453787d5b6f1536c569a7b9ccd
                                              • Opcode Fuzzy Hash: bf4a279229e91ff7274417d7b490a058b3e00261f6e203f256527168c37f17f2
                                              • Instruction Fuzzy Hash: 61510370A18B498FEBA8EF28C490A7573E1FF99314B50417ED44FC3696CE34E8458B81
                                              Function 00007FFAAC9F51FC Relevance: .2, Instructions: 202COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e073d59880e7f15822f8b0cfebd42ca6fef618fbc651b19e549cf3cdfbe2eed4
                                              • Instruction ID: 5cd15294bbdb6867d9d1a999e9e46e2b71ed626a1d1105762311ec7571435157
                                              • Opcode Fuzzy Hash: e073d59880e7f15822f8b0cfebd42ca6fef618fbc651b19e549cf3cdfbe2eed4
                                              • Instruction Fuzzy Hash: 4161D77180DB839FF7659B3888954E17BE0FF52318718417ED48AC7992DE28F44A87D2
                                              Function 00007FFAACA067FC Relevance: .2, Instructions: 198COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 20ef139d7b0bfcd9fe9655844e84fafee32c903bc67606a59b2d04c1308e5953
                                              • Instruction ID: 6e22f11815861ff2a3a4d8f4bb85a037cfaf69986ff8d0c8559664a10f34707a
                                              • Opcode Fuzzy Hash: 20ef139d7b0bfcd9fe9655844e84fafee32c903bc67606a59b2d04c1308e5953
                                              • Instruction Fuzzy Hash: 13510D5291D7866FF655A33CE4B94F13FE0EF5621970841BBD08DCB5A3DD14A80A8391
                                              Function 00007FFAACA022FD Relevance: .2, Instructions: 196COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 778851f2e655749828aa1070de22d2403217fe16c31e20b6d6f6368af0dc9d28
                                              • Instruction ID: 7cf8b38853987391fdf1b3c5ec446e8323195a5934da8300ba86d257f3eda24f
                                              • Opcode Fuzzy Hash: 778851f2e655749828aa1070de22d2403217fe16c31e20b6d6f6368af0dc9d28
                                              • Instruction Fuzzy Hash: EB518330A18B19DFDB58EB58C851DB9B7E2FF99300F048269D44ED7296DA34F84587C1
                                              Function 00007FFAAC790578 Relevance: .2, Instructions: 194COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0fbf47c155b2e44e89736c9b377950cf414583ef8f7c70b6496526bd44a7be74
                                              • Instruction ID: 79e9ec4816d87e6925a193bafccffda287be1a22856771e5d04c8b335e105612
                                              • Opcode Fuzzy Hash: 0fbf47c155b2e44e89736c9b377950cf414583ef8f7c70b6496526bd44a7be74
                                              • Instruction Fuzzy Hash: ED515A6290D6865FF356E77CE855AF53FB0DF8626470881B7D08DCB1A3CE18584AC391
                                              Function 00007FFAAC7904B8 Relevance: .2, Instructions: 192COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9b2539d8e59f9e3be1488c02adeeeddb1aa762cca73538dd6e0a7c356aec02cb
                                              • Instruction ID: 030185536cc0b804625d9eb788f9eebd139449ae21f37ffe7fa1aba25a27ebc6
                                              • Opcode Fuzzy Hash: 9b2539d8e59f9e3be1488c02adeeeddb1aa762cca73538dd6e0a7c356aec02cb
                                              • Instruction Fuzzy Hash: 545109729096868FF355EB7CE4556E53BB0EF8622570481B7D08DCB1A3CE1C984AC751
                                              Function 00007FFAAC9F53F0 Relevance: .2, Instructions: 186COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 250eee487530d6cf4a10cde4f0de6fe3a278ae9426608471315dff38c0197f31
                                              • Instruction ID: cdcb25668ba7a5f02d37fdbe784c39bea37bc0a99a294d55335c35659aa1b071
                                              • Opcode Fuzzy Hash: 250eee487530d6cf4a10cde4f0de6fe3a278ae9426608471315dff38c0197f31
                                              • Instruction Fuzzy Hash: EA511E6580D746AFF7299778D8596F13BD0EF02319B0841BAD48EC75A3CE18E44A83C1
                                              Function 00007FFAAC9FB480 Relevance: .2, Instructions: 179COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 967ef51d38fa1b203c00c16f5ec669289fe4fb7ea30fd4431c0f67dd95418d1a
                                              • Instruction ID: e37facf59eac95a91a0983c73c69545222c523b41b76bc16fc49a2b03a6cee30
                                              • Opcode Fuzzy Hash: 967ef51d38fa1b203c00c16f5ec669289fe4fb7ea30fd4431c0f67dd95418d1a
                                              • Instruction Fuzzy Hash: 6951D461A2DB498BFB99DB6C98546743BD1EF99300F0481BDD04EC7686CD29EC4A87C0
                                              Function 00007FFAACA03755 Relevance: .2, Instructions: 171COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8648e399e57808d1fbe5c9591ca989bb47309cda04948d9fa5487a214a9434ab
                                              • Instruction ID: bc934b7f2008738fdc1fd5b93f775cda7303c3ad8cd23a00c5af94bd5321cce7
                                              • Opcode Fuzzy Hash: 8648e399e57808d1fbe5c9591ca989bb47309cda04948d9fa5487a214a9434ab
                                              • Instruction Fuzzy Hash: BB41E130A2BA069EF7D8D72DA45877023D2FF96251F5481B9D04DC7185EE29E98D8380
                                              Function 00007FFAACA071A2 Relevance: .2, Instructions: 170COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ae145587c0f238b763e548e44d719cbde526e8006ddb9b5598a246863e547d29
                                              • Instruction ID: 3c235a772d0781ab334c4e00b44f68650928bb7bc54fc9c43927b8f0ca654599
                                              • Opcode Fuzzy Hash: ae145587c0f238b763e548e44d719cbde526e8006ddb9b5598a246863e547d29
                                              • Instruction Fuzzy Hash: 43418931A1EA4A8FE7D5D72CA4546746BD2EF9A251B0881F7D44CCB2A3ED28CC498381
                                              Function 00007FFAAC9FE23A Relevance: .2, Instructions: 170COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d7d3759ef54ec6c09354c374faa05340c3aa91146f69bf193d5e61c92167424b
                                              • Instruction ID: 0901aec1fea9b3b7e57b788a42694ee5c57125373ebbe0fe31fc2d69493735c7
                                              • Opcode Fuzzy Hash: d7d3759ef54ec6c09354c374faa05340c3aa91146f69bf193d5e61c92167424b
                                              • Instruction Fuzzy Hash: 2641E175A1D7498BFB5C9B2C580A2B977D1EF96301F04417EE48EC3283DE68F80686C6
                                              Function 00007FFAAC7905D3 Relevance: .2, Instructions: 165COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3e7eff2f930c3cd278c75f8488561d5f6e3ea1baf24d07568c407783e8dc92c5
                                              • Instruction ID: 6ccca52ed8c88af0ea57b22dc2187a5a56fa5d34b25cb8fe390c848a535d3de5
                                              • Opcode Fuzzy Hash: 3e7eff2f930c3cd278c75f8488561d5f6e3ea1baf24d07568c407783e8dc92c5
                                              • Instruction Fuzzy Hash: E0415C625096864FF355EB3CD455AE57FB1DF86365B0880B7D08DCF2A3CE18984AC391
                                              Function 00007FFAAC7905FA Relevance: .2, Instructions: 164COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d605a11ef4e21d2b103234350a0112ae02b891b66307dc0c8d0925173c9df2f0
                                              • Instruction ID: 06e2f397895ec0f746831240d8e8d1220b994b4291f6b455cec69c52c5207bad
                                              • Opcode Fuzzy Hash: d605a11ef4e21d2b103234350a0112ae02b891b66307dc0c8d0925173c9df2f0
                                              • Instruction Fuzzy Hash: F5414C6250D6865FF356E73CD854AE53FB1DF86265B0880B7D08DCF1A3CD18584AC391
                                              Function 00007FFAAC9F52D0 Relevance: .2, Instructions: 162COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: dedc07f7e9bc023460efdbb545dbd58811ba3e828b6a92374ab011c2f859cd98
                                              • Instruction ID: 763b30474a8bb60af889026c273f36ef08a7ee5603dd72a8a019468f0998c399
                                              • Opcode Fuzzy Hash: dedc07f7e9bc023460efdbb545dbd58811ba3e828b6a92374ab011c2f859cd98
                                              • Instruction Fuzzy Hash: E1511531919B46CFFB54DB2888445A6B7E1FFA6310B14467ED08ED3A91DE64F80987C1
                                              Function 00007FFAAC9F55EF Relevance: .2, Instructions: 157COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b7052101d4df9ebddb61333bb5c28702e1e469d5d7b1f28adfe1c796c009b788
                                              • Instruction ID: 7333354b87e5df610ba83f9796374551ab7a124bc3706e39fb6317d143790795
                                              • Opcode Fuzzy Hash: b7052101d4df9ebddb61333bb5c28702e1e469d5d7b1f28adfe1c796c009b788
                                              • Instruction Fuzzy Hash: 8F419431A09B098FEB59DB28C4555B977E2FF95310B54857AD00EC76A2DE34E8468BC0
                                              Function 00007FFAACA00451 Relevance: .2, Instructions: 156COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 97ed39fb9b84176986ce254312bdc5643016984daedea7e151d4d34dc35fe48a
                                              • Instruction ID: a643aeca72138ed75bef9d0655093f7e2be82cd28ed01dba97ef779d57ed9e76
                                              • Opcode Fuzzy Hash: 97ed39fb9b84176986ce254312bdc5643016984daedea7e151d4d34dc35fe48a
                                              • Instruction Fuzzy Hash: 4E51C335A19B859FF7A5C7289054771BBE2BF56340F0485B9C08EC75D2E768F888C781
                                              Function 00007FFAAC9F6F20 Relevance: .2, Instructions: 155COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c8de822dc014e46af7dbab842d620b32dfc5b5d106be1c7791f97e72afb1a70f
                                              • Instruction ID: 8352756866ad065b18e744d57bf0e240148de5dae64ce3547d65c02a5c943471
                                              • Opcode Fuzzy Hash: c8de822dc014e46af7dbab842d620b32dfc5b5d106be1c7791f97e72afb1a70f
                                              • Instruction Fuzzy Hash: BF414A71A1DB4ACBF7B89B18584A2BA73D5EF96311F04417ED48EC3582DE35A80646C3
                                              Function 00007FFAAC9FB141 Relevance: .2, Instructions: 151COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f17726db501739103d80114f2ebd6f1c1bda4e54d1ae71234cfea9dbd0a73a00
                                              • Instruction ID: 3b1cfaeaecf9ce61da9857d3ad77ddbf6221487350be8556ed534f9784c065d5
                                              • Opcode Fuzzy Hash: f17726db501739103d80114f2ebd6f1c1bda4e54d1ae71234cfea9dbd0a73a00
                                              • Instruction Fuzzy Hash: CC41B33560DB4ACFE759EB28D8416B873D1EF9A310B1441BEC40EC7692DE2AE84687C1
                                              Function 00007FFAAC9FB15A Relevance: .2, Instructions: 150COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 745384a9bc99e0a9f2bed248b8f0be23d1223ce7ee0ef711c0f5af081d0bb7af
                                              • Instruction ID: 3ab09dacc034305d432df1b3d2f1a06039f538c8780b5a9e9263476fe55a23c9
                                              • Opcode Fuzzy Hash: 745384a9bc99e0a9f2bed248b8f0be23d1223ce7ee0ef711c0f5af081d0bb7af
                                              • Instruction Fuzzy Hash: 7941DF31A09B498FE75CEB2888456B837D2FF9A310B0441BDD40EC7692DE25E84687C1
                                              Function 00007FFAAC9FE630 Relevance: .2, Instructions: 150COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5b334e74799692881b40012cb4db33cd09885ec8c8f9a54864e74b55082b9b75
                                              • Instruction ID: f57b6a0ad4dafbfcdd9f892615777ac3ea74682fb0375d89b55c8d0501ec560b
                                              • Opcode Fuzzy Hash: 5b334e74799692881b40012cb4db33cd09885ec8c8f9a54864e74b55082b9b75
                                              • Instruction Fuzzy Hash: F4415CE191ABC65FE359E73C84495B9BB91FF8121070884FED05ECB897DE24E84A87C1
                                              Function 00007FFAAC9FDC30 Relevance: .1, Instructions: 148COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ff00a43da890da470ee7abf4c5d15d60b294e328390f9270319395accccabd13
                                              • Instruction ID: 306fd6a5ffc289d13d1f35fb8db2fcdf2f1b97fb9606e2b4e71461342ca55d7e
                                              • Opcode Fuzzy Hash: ff00a43da890da470ee7abf4c5d15d60b294e328390f9270319395accccabd13
                                              • Instruction Fuzzy Hash: 70517035A19B469FF7A4CB2890847B6BBE2BF56344F048579D08EC3591E768F888C780
                                              Function 00007FFAAC9F6F10 Relevance: .1, Instructions: 146COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 68df32415f5c3adf55c31495a3bee723af86fb6f314b3802d0e422c56f73d0a5
                                              • Instruction ID: 798574bcc0df7fb50bfeac9790c6d1528eca67a0ae0abaf9317d9e87da57f1b4
                                              • Opcode Fuzzy Hash: 68df32415f5c3adf55c31495a3bee723af86fb6f314b3802d0e422c56f73d0a5
                                              • Instruction Fuzzy Hash: F3414A7191DB8ACBF7799B2848592BA77D5EF96701F04417ED08EC31C2CD34A80642D3
                                              Function 00007FFAAC9F1260 Relevance: .1, Instructions: 142COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0e869d0462f70ae9d8e6aa8f97d0f8bf5f660c5f683beee4895943014d0456ea
                                              • Instruction ID: 5485ad4e855603febbd489452b001fbb2cc87a7fba893f76765a85288fc3cc8c
                                              • Opcode Fuzzy Hash: 0e869d0462f70ae9d8e6aa8f97d0f8bf5f660c5f683beee4895943014d0456ea
                                              • Instruction Fuzzy Hash: 4D412F3060EB0A8FFB58EB6C9806AB637E4EF5A310B5441BCD44EC3592EE65F84582C5
                                              Function 00007FFAACA004BA Relevance: .1, Instructions: 141COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: dc55ba9534e95b70c4f649354c182c8cb5880cc51921695fa23a8e2619ce0e5f
                                              • Instruction ID: 65995183d147893620baecd4fd23c89d57cde241c6a1b630885e66e42ece4587
                                              • Opcode Fuzzy Hash: dc55ba9534e95b70c4f649354c182c8cb5880cc51921695fa23a8e2619ce0e5f
                                              • Instruction Fuzzy Hash: 9A519235A19B869FF7A4CB289044775BBE2BF56344F048579D08EC35D2E768F888C780
                                              Function 00007FFAAC9F4C4D Relevance: .1, Instructions: 139COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6ebe32a0966bf5c11dc156fba2d6305763e63404fe6085c5b4ee635501aa47a6
                                              • Instruction ID: f7d6f6ce2dddc9f6ffc9855c18091bdab498f46ac2154178eda440f2d8975a70
                                              • Opcode Fuzzy Hash: 6ebe32a0966bf5c11dc156fba2d6305763e63404fe6085c5b4ee635501aa47a6
                                              • Instruction Fuzzy Hash: DD314A34A1DB4A4FF35A973888552797BD0EF46311F4481BFE48EC3193CD29A84683D1
                                              Function 00007FFAACA007BA Relevance: .1, Instructions: 138COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 24651f3470e8756e8f44ba91e799941ccb4006605e274e7c9b3d48cc7735c209
                                              • Instruction ID: 3ad2ff15039e33ba93d498c00316869003f26c9479503b910fc1f8eb23131c3d
                                              • Opcode Fuzzy Hash: 24651f3470e8756e8f44ba91e799941ccb4006605e274e7c9b3d48cc7735c209
                                              • Instruction Fuzzy Hash: F841D27194D7869FE3A75B7094542B07FE1FF53360F4940FFC08A8A092EA6C988AC791
                                              Function 00007FFAAC9F2A6D Relevance: .1, Instructions: 135COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f3e28603ae3e3f5007e9fc8a46c0f4cf4791f46845ab8cf93a5da8d3490fc91d
                                              • Instruction ID: 6af8cff2c6b464e5e0ddd6d4daf7918d719526199bd202ccd663e4059e8c79a0
                                              • Opcode Fuzzy Hash: f3e28603ae3e3f5007e9fc8a46c0f4cf4791f46845ab8cf93a5da8d3490fc91d
                                              • Instruction Fuzzy Hash: 0C31E421B0EF4A8FF7A69B6C58996743BE1DF5A321B0540BAD84CC72A7DC19DC4683D0
                                              Function 00007FFAAC9FA285 Relevance: .1, Instructions: 131COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 541ee160c33241a68e19b1f39e64d4e43fb10801d9d0bb743f60318f6cd9b8b5
                                              • Instruction ID: 6e732d8b11ab248ab674e929bc84281ec45ce35adc2029689715db29fab108a0
                                              • Opcode Fuzzy Hash: 541ee160c33241a68e19b1f39e64d4e43fb10801d9d0bb743f60318f6cd9b8b5
                                              • Instruction Fuzzy Hash: 4B41227081DB82CFF791DB288855461BBE1FF56310B1846BDD08EC3992DE24F80A87D2
                                              Function 00007FFAAC9FA185 Relevance: .1, Instructions: 122COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 81fd8513de525b0c124546bda1fd8f776304acb83d516eb42e41c377c2e1466f
                                              • Instruction ID: cfafa125acd74dc7410fbeda8fd4bbcc9a6cd830c08cf1d3a251894645775b19
                                              • Opcode Fuzzy Hash: 81fd8513de525b0c124546bda1fd8f776304acb83d516eb42e41c377c2e1466f
                                              • Instruction Fuzzy Hash: FA31F9B261CAC95FEB5DAA2898459F93BD0EBA5310F0440AFF44FC39D3DD25A8068385
                                              Function 00007FFAACA07CD8 Relevance: .1, Instructions: 120COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4292600fc13bd51ba2c59da7e2db6ad26aaae99b4d03d3e109f90050c9fba74a
                                              • Instruction ID: e7807316667e2e89dce49468ec0537d31a44690db587396f050a378ee6fad9d8
                                              • Opcode Fuzzy Hash: 4292600fc13bd51ba2c59da7e2db6ad26aaae99b4d03d3e109f90050c9fba74a
                                              • Instruction Fuzzy Hash: 3531D43061EB458FE796EB3894945707BE1FF9A314B5440FEC04DCB292E92AD846C741
                                              Function 00007FFAAC9F65E1 Relevance: .1, Instructions: 118COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 652a2c559dae235358119a947388ce9b716140183323b8d020ed5db908019685
                                              • Instruction ID: 52a878dc2c5711c59f3103334f508b9e61edb7f46e9775f161bb57f93c312692
                                              • Opcode Fuzzy Hash: 652a2c559dae235358119a947388ce9b716140183323b8d020ed5db908019685
                                              • Instruction Fuzzy Hash: EE212B29B1AB06CFFAA55B6C68553B523D1DF96211B1440BFE00CC328ACD19EC4A43C1
                                              Function 00007FFAAC9F5B2A Relevance: .1, Instructions: 114COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 11050ea98fa738b2b466aff402e71d2fb487a7e0423ceaa701d9dabb04d362f7
                                              • Instruction ID: ecd6656198f6e55e769fde1aa35ee6ab7cc9d4b740f6fee46e9f13013efe6205
                                              • Opcode Fuzzy Hash: 11050ea98fa738b2b466aff402e71d2fb487a7e0423ceaa701d9dabb04d362f7
                                              • Instruction Fuzzy Hash: 21313A6291CB815FF75C972898499BA7BD0EF95311F0480AFE04FC3993DD28E40A8786
                                              Function 00007FFAACA03B25 Relevance: .1, Instructions: 111COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fbd70e2020cf27bd4326fc8fd74cc8b130e77fed69b448afc485c841277a9a78
                                              • Instruction ID: a62bc3d4ffe69ff8c105f9fcf54a0b3b05840660e1f8dbb3cb8e1719efb28516
                                              • Opcode Fuzzy Hash: fbd70e2020cf27bd4326fc8fd74cc8b130e77fed69b448afc485c841277a9a78
                                              • Instruction Fuzzy Hash: 8F313A3152F747DEFAE5931D68415753BC2EF43399B8880BAD04DCA492EE4CEA4983C2
                                              Function 00007FFAACA06430 Relevance: .1, Instructions: 110COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0274e034abeccbcd9c5a365b78c71ff38f0104e629d8e8f9473297200f1e2e76
                                              • Instruction ID: bcf13e512bb316b5d1725bb7913749e742c130dd07cd876012ee757c590f5e03
                                              • Opcode Fuzzy Hash: 0274e034abeccbcd9c5a365b78c71ff38f0104e629d8e8f9473297200f1e2e76
                                              • Instruction Fuzzy Hash: 6B319470719E5A8FEBA4EB1DD085A72B3E2FF59300B504179E44EC3651EE25FC458B80
                                              Function 00007FFAAC790668 Relevance: .1, Instructions: 110COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9cf34a3390c692dd9f6da9dd3035b0971d0833354ea8633ad5dbcdbcb953c9ae
                                              • Instruction ID: d22936ad029d89d8de241b381a1572df2458ee9f818206492b30f1238bb934a9
                                              • Opcode Fuzzy Hash: 9cf34a3390c692dd9f6da9dd3035b0971d0833354ea8633ad5dbcdbcb953c9ae
                                              • Instruction Fuzzy Hash: F431E621909BCA8FF386DB2CC444A657FF1EF9A340B1480F6D04DCB2A3CE289889C351
                                              Function 00007FFAAC7907FA Relevance: .1, Instructions: 108COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9fde8f8750904cbe78d9734abef656b4914ad24a750b02423d406286ae46a03c
                                              • Instruction ID: 2e52ef0be55f4a256d0d95452241a9235a08bde185829c7edbe36de25f8877d2
                                              • Opcode Fuzzy Hash: 9fde8f8750904cbe78d9734abef656b4914ad24a750b02423d406286ae46a03c
                                              • Instruction Fuzzy Hash: 0831EA735492569FF322777CF8666D93760EF42229B498173D08CCF5D3EE18684A82C5
                                              Function 00007FFAAC9F51A0 Relevance: .1, Instructions: 105COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 53e9d74952522f353c9d230b76021aa17d12cb523c0bf7a215a23dced3f9ba22
                                              • Instruction ID: b091e2c0be2b61b6c3e7154efbf63d402d43750cb3a1b2f670370138634d024f
                                              • Opcode Fuzzy Hash: 53e9d74952522f353c9d230b76021aa17d12cb523c0bf7a215a23dced3f9ba22
                                              • Instruction Fuzzy Hash: 0321BA35B0EB06CFFAA4E72C69512B46392EF8A260F5481BED44DC72D5DE59EC4983C0
                                              Function 00007FFAAC9F3A4D Relevance: .1, Instructions: 104COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d70623546b428e9bd76748d9f4f95fc72803537a9ceb4d0e0e4a625d9675b452
                                              • Instruction ID: b717c95369be83ee0808942b2f94ce87774c580ab949ec0748833ea07c4edb8a
                                              • Opcode Fuzzy Hash: d70623546b428e9bd76748d9f4f95fc72803537a9ceb4d0e0e4a625d9675b452
                                              • Instruction Fuzzy Hash: 5521D765B2DB498BFB98DB6DAC646B83BD1FF9A704F0540BAE14DC3292DD18D80582C1
                                              Function 00007FFAAC9F5F23 Relevance: .1, Instructions: 103COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c2efb664d37ff9388fc76eea50994acde4ccb6910a816cfbe5f41d9e8b2c0f8b
                                              • Instruction ID: f8ce8057cfa7dede96f6e20efd8f9c618eb3c4bb01e92aa11ca07aa0dec48604
                                              • Opcode Fuzzy Hash: c2efb664d37ff9388fc76eea50994acde4ccb6910a816cfbe5f41d9e8b2c0f8b
                                              • Instruction Fuzzy Hash: 7F316E31619B09CFFAA4EB18D485B61B3E1FF59310B1485A9D04EC7692DE29F886CBC1
                                              Function 00007FFAAC9F54B8 Relevance: .1, Instructions: 103COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c00b89bbdb13d0d7190c1fa908657e91900ae9a3136421abb94af6ea6cb8442d
                                              • Instruction ID: e921e176b07840a85543dbe39a37a77c66fc781ffdf21f3ea192cfb8644d5d86
                                              • Opcode Fuzzy Hash: c00b89bbdb13d0d7190c1fa908657e91900ae9a3136421abb94af6ea6cb8442d
                                              • Instruction Fuzzy Hash: 07218134519B099FFA69DB68C949B7137D2FF5A710F04416DD48EC3692CE64FC4986C0
                                              Function 00007FFAAC9F51A5 Relevance: .1, Instructions: 99COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ed687b2bd60993959b9cf4b960269f98134bdf3b291afebc728c7b3cc60d013e
                                              • Instruction ID: c715a075bced631bd62bb44857c50ed0c6f54afcf7eefc897b99371cb653e8f5
                                              • Opcode Fuzzy Hash: ed687b2bd60993959b9cf4b960269f98134bdf3b291afebc728c7b3cc60d013e
                                              • Instruction Fuzzy Hash: AE31B338619B05CFEBA5DB29C480A71B3E1FF99314B14457DC44EC7695CA25F885CBC0
                                              Function 00007FFAAC9F5B50 Relevance: .1, Instructions: 98COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 459f0688ea8b1aff3ca7b1c661045ff06627659e65d0f220c11b700b4bb8def2
                                              • Instruction ID: f7bcf5f3d06daaeb0959144c5125e6069b07a4f35967c46575042de89e9391d3
                                              • Opcode Fuzzy Hash: 459f0688ea8b1aff3ca7b1c661045ff06627659e65d0f220c11b700b4bb8def2
                                              • Instruction Fuzzy Hash: 8F21F772A1CA855FE75CA62C944A9BA77D0EBD9314F40406EF08FC3997DE24E8064786
                                              Function 00007FFAACA075B6 Relevance: .1, Instructions: 97COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 122f1110c888c5889ca0ba2723bef49d64db6c3392179e0b3a82a1115fd5a7bc
                                              • Instruction ID: d5611b06abae20a7f5f90d49f2f8cbeaae9c20ee66459d90b7e865154fb77261
                                              • Opcode Fuzzy Hash: 122f1110c888c5889ca0ba2723bef49d64db6c3392179e0b3a82a1115fd5a7bc
                                              • Instruction Fuzzy Hash: 2121D972E2D959DFFBD5D76C58142F837D2EF5A746F0440AAE00EC3582EE24D80582C1
                                              Function 00007FFAACA03A68 Relevance: .1, Instructions: 96COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3b67984100210c2be84512e66018dac1597d45ea58675364482ec6f668c39f9d
                                              • Instruction ID: 40ba3b0b39ca64a853d3d92898599f007abd15dc48dd3b178584a66f2f33bb5a
                                              • Opcode Fuzzy Hash: 3b67984100210c2be84512e66018dac1597d45ea58675364482ec6f668c39f9d
                                              • Instruction Fuzzy Hash: 1C214C31A1DF089FF688A71CA84A47A77D1EB99250B00423FE44EC3252EE25EC4647C2
                                              Function 00007FFAAC9F40D0 Relevance: .1, Instructions: 89COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9e197d490a7533f4d282e3600e0dd932e7cc9e400c0eacbb7be0447677799cf8
                                              • Instruction ID: 83c847f25496cd8353047630016b4ebfbef0cfd40ad17a9eb77798b6afdfe873
                                              • Opcode Fuzzy Hash: 9e197d490a7533f4d282e3600e0dd932e7cc9e400c0eacbb7be0447677799cf8
                                              • Instruction Fuzzy Hash: 8821F622A1EB0D8EF750BB286C48376B3C0EB9A225F54467AD84DC2185DE5DD88587C1
                                              Function 00007FFAAC9F6600 Relevance: .1, Instructions: 88COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7267509c7c98717619fb2d551fe8f449c26d6064032cbbeeb902ab08f8efa3a3
                                              • Instruction ID: 2499fff883102133871aab5ad880efd5c535c218b2c39cc583dd5f59279ae037
                                              • Opcode Fuzzy Hash: 7267509c7c98717619fb2d551fe8f449c26d6064032cbbeeb902ab08f8efa3a3
                                              • Instruction Fuzzy Hash: 1411B428B1AF06CBFEA49B6D585577963D2EF99314B5480BFE00DC32C9CD19EC4A42C1
                                              Function 00007FFAAC9FDB30 Relevance: .1, Instructions: 82COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a4ea8e90fd33ccfe770c72d422c003164f60f299095c5b3cd81230f6d15507f2
                                              • Instruction ID: e0e0193bef07603690441b3b3ab9d1dbb308d2797265aae63e35ca2dc92ec5cc
                                              • Opcode Fuzzy Hash: a4ea8e90fd33ccfe770c72d422c003164f60f299095c5b3cd81230f6d15507f2
                                              • Instruction Fuzzy Hash: CD11F63161D6099FFB9CDB18D889BB672D2EB82351F10817ED04FC6182DE25EC46C2C0
                                              Function 00007FFAAC9F40B8 Relevance: .1, Instructions: 79COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 02e6764caa849603f09dc9d866262c780a74185e3edfb563c67f258c40989e69
                                              • Instruction ID: d3b66aae40d927e2c39ba4547bee093d23ca03b8ffe8564d44bac9b612346392
                                              • Opcode Fuzzy Hash: 02e6764caa849603f09dc9d866262c780a74185e3edfb563c67f258c40989e69
                                              • Instruction Fuzzy Hash: 0221C935A19B0A8FF7649F2888806767391EF95354F14C579D40EC7686CE34E84AC7C0
                                              Function 00007FFAAC9FCF54 Relevance: .1, Instructions: 70COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a3cdbf1b361a4e98e792b4523bd54b80de1d5ef80117c8e78146a43d1ad646ca
                                              • Instruction ID: 6cbdd4854eedeec0b8ad87392430e4165a6f63746ec9f6072082a009989ed64f
                                              • Opcode Fuzzy Hash: a3cdbf1b361a4e98e792b4523bd54b80de1d5ef80117c8e78146a43d1ad646ca
                                              • Instruction Fuzzy Hash: 0311E735A09B4A8FFB65DF3884905767792EF95204B04C179D04EC7696CE38E81AC3C0
                                              Function 00007FFAAC9F5C21 Relevance: .1, Instructions: 70COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e0825adee5ae27b121329e6c414e96100c417da09408c350866a0edf998bb22f
                                              • Instruction ID: addab75b7f7172f787d46e3a59ff5230f4ca0f8701410cb37d99e5aed6722dba
                                              • Opcode Fuzzy Hash: e0825adee5ae27b121329e6c414e96100c417da09408c350866a0edf998bb22f
                                              • Instruction Fuzzy Hash: 6511066440E7CA8FFB16A7258C689723FA49F13210F1841EFC04ACB0A3D918E849C391
                                              Function 00007FFAAC79AF53 Relevance: .1, Instructions: 69COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9e3102673aa5cd82f5fcc313d05626cbfd66cc7905ff5ede93eee4def3212a54
                                              • Instruction ID: 51062310663a6a45802f72c1b8f62c8579e6440c5f3cad5afdbbdc60f03c6dd3
                                              • Opcode Fuzzy Hash: 9e3102673aa5cd82f5fcc313d05626cbfd66cc7905ff5ede93eee4def3212a54
                                              • Instruction Fuzzy Hash: 8D11D351E1BA068FF7E4E71884516B922A2DF96320F55C679D00EE76E2DD1EEC0943C0
                                              Function 00007FFAACA014AA Relevance: .1, Instructions: 66COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a2a92aab492b0fd0a539212dc06ee67d58395923f4b782607f4a563a95858d4a
                                              • Instruction ID: f8c4f8e1d92408ae7f64d962b459b1e251e8300ceaee1a722fd74d0cb27022cc
                                              • Opcode Fuzzy Hash: a2a92aab492b0fd0a539212dc06ee67d58395923f4b782607f4a563a95858d4a
                                              • Instruction Fuzzy Hash: 95118230618A09CFEFA8DB68D450E7273E1FBA5314B2045ADD04FC7691DA36F846CB80
                                              Function 00007FFAAC79473F Relevance: .1, Instructions: 64COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 90106ecabebfebe4381e3e721ce55ed9b19acdca3588fe126d10021722e80c8d
                                              • Instruction ID: 76927fbddd0aeae89088d2db5806f0a5943bd9cc693c5b013c6d7efc093e5221
                                              • Opcode Fuzzy Hash: 90106ecabebfebe4381e3e721ce55ed9b19acdca3588fe126d10021722e80c8d
                                              • Instruction Fuzzy Hash: 0F01F7B254E20C5EF72CAA55FC076F973A4FB83130F00102FE08E82412E61779678794
                                              Function 00007FFAAC790810 Relevance: .1, Instructions: 63COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 04a3328845f75cc2e099c0022a9d83ed912a13e4cc6b808f2982bd99c753fbce
                                              • Instruction ID: ad04f2a4dfb37bde5dd5a98611d88762cac45b8aea37d23dd19bdf364e11cdd5
                                              • Opcode Fuzzy Hash: 04a3328845f75cc2e099c0022a9d83ed912a13e4cc6b808f2982bd99c753fbce
                                              • Instruction Fuzzy Hash: 79110B6390D3929FF762A77CF8765E53B609F4221DF0881B3D48CCE593ED18A45982C5
                                              Function 00007FFAAC9FD139 Relevance: .1, Instructions: 62COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0b21f8f8830614012320a3785d4b653fe89c142ca64d4a54378f9ea813a49164
                                              • Instruction ID: 1c9993c13a13dfe3eeb6cb1512930c106ed92df0da674df1f5fe74e0e3f57e7d
                                              • Opcode Fuzzy Hash: 0b21f8f8830614012320a3785d4b653fe89c142ca64d4a54378f9ea813a49164
                                              • Instruction Fuzzy Hash: 4511252671EB858FE758D72C88591207BE1FB9A30071446EAD04DCB2A7DA24EC0983C1
                                              Function 00007FFAAC9FA457 Relevance: .1, Instructions: 62COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 19346c9d3267c842e056b60c3e957007f113c79215444fab9bf81b07c6133479
                                              • Instruction ID: 536bf339150ee39c3006903d8390eae261e2599b73e29b2dbee20f36248f8df7
                                              • Opcode Fuzzy Hash: 19346c9d3267c842e056b60c3e957007f113c79215444fab9bf81b07c6133479
                                              • Instruction Fuzzy Hash: D111C236A08B198FEB64DB1998455FAB7E2FFD5325F00463AD58EC3680DF25E44987C0
                                              Function 00007FFAAC794783 Relevance: .1, Instructions: 62COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5be2d79eb41ff1278955fcc90337b94c3ac1e6ad4d40b14bbd05d6e2c4ae76e5
                                              • Instruction ID: ef82cd26c3feb16b24b14be6e77b3821bd7c62c63d171d6710715ed3972a18d0
                                              • Opcode Fuzzy Hash: 5be2d79eb41ff1278955fcc90337b94c3ac1e6ad4d40b14bbd05d6e2c4ae76e5
                                              • Instruction Fuzzy Hash: 0701446104E3C82FE71A6725AC178F67F68DA83250B0502DFE4C9CA053E0466F3A8372
                                              Function 00007FFAAC799F7E Relevance: .1, Instructions: 62COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d439d8a6a0f15c12fec4bd5d93435d633539844f30abe4e5b0de9b3e8574d4cb
                                              • Instruction ID: eaaf43d0d95e1797f5a7a5e49e1b6198c32246925384719e3d5416074a1ae5e7
                                              • Opcode Fuzzy Hash: d439d8a6a0f15c12fec4bd5d93435d633539844f30abe4e5b0de9b3e8574d4cb
                                              • Instruction Fuzzy Hash: D2111231A085498FEB84EF54C460E6933B2FF59304F158578D45ECB296CE39EC56CB81
                                              Function 00007FFAAC9F3812 Relevance: .1, Instructions: 59COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 90da93711f3807dc178fd9f94d378c5c9ff4ceb8272e07bc0253bca3bfd411d4
                                              • Instruction ID: 629d560625a1050bb2a5dcb1688fc577b51e2f5abfa0c3a72e98795bf38a254e
                                              • Opcode Fuzzy Hash: 90da93711f3807dc178fd9f94d378c5c9ff4ceb8272e07bc0253bca3bfd411d4
                                              • Instruction Fuzzy Hash: 7601523060DA8E8FDB95E72C98696247FE5EF9621170941E7D00CCB267DA18DC49C7D1
                                              Function 00007FFAAC79AE84 Relevance: .1, Instructions: 54COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 81307a5de94598ebf7c26412142fbe077af6f5e8de04e226b059e5d8c1d06059
                                              • Instruction ID: de5124c8fd43f9df7c1712bb12ea284117a5cce52d256b7017ccb8ac7f88e067
                                              • Opcode Fuzzy Hash: 81307a5de94598ebf7c26412142fbe077af6f5e8de04e226b059e5d8c1d06059
                                              • Instruction Fuzzy Hash: A9019271A09A4ACFEBE4DF18C894A6533E1FF59300B5185B9D40DD72A6CA2AFC1687C0
                                              Function 00007FFAAC9F64FD Relevance: .1, Instructions: 52COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 98841c8d4d53d791618e99880d6f0d031be120c39713a66dae353698bf7755de
                                              • Instruction ID: 4db041024afbd009988e0403b8fe315133decfdb2b4894ac125b8ea08c089bde
                                              • Opcode Fuzzy Hash: 98841c8d4d53d791618e99880d6f0d031be120c39713a66dae353698bf7755de
                                              • Instruction Fuzzy Hash: 3401F735919B49CFEB95D72CC895A6077E0FF5531470805AEC44DC7291CE22EC46C7C1
                                              Function 00007FFAACA06420 Relevance: .1, Instructions: 52COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 71d7edfd2d2aa6493df0eaf32b341500d4eb310155c06eb5d7d053c7d3a6af5d
                                              • Instruction ID: 428fa1a9f12c788a0f366c67ae229340ce26c1d68e51f3ea97995074a2935022
                                              • Opcode Fuzzy Hash: 71d7edfd2d2aa6493df0eaf32b341500d4eb310155c06eb5d7d053c7d3a6af5d
                                              • Instruction Fuzzy Hash: 44018431A2E7859FF786977854981752BA1EF5B21071980FBD04CCB2E6D808DC0E8391
                                              Function 00007FFAAC9FDC10 Relevance: .1, Instructions: 51COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1ff73f7d6a8bff2944f04a71b450b8ab94ea26ac02f01663bdbecc39f69f7b5d
                                              • Instruction ID: 7e9e38e6e21a4349b7c4923aac1bb28c53ff4c2e2502f77142eb91570d63641d
                                              • Opcode Fuzzy Hash: 1ff73f7d6a8bff2944f04a71b450b8ab94ea26ac02f01663bdbecc39f69f7b5d
                                              • Instruction Fuzzy Hash: E4112E28819B9589FB6597689485375BBD09F17308F0888ADD48E866C3CA9DFC8DD3C1
                                              Function 00007FFAACA006D1 Relevance: .0, Instructions: 50COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6ead72c5b89d6a0047a1a65a83a71964beada3f849298dc0f30c21c8585ffba0
                                              • Instruction ID: 9ec79cf26c37f908dd2eb4c16b5a895cc27ce2a7b729ca241379a0b3a3fd71c8
                                              • Opcode Fuzzy Hash: 6ead72c5b89d6a0047a1a65a83a71964beada3f849298dc0f30c21c8585ffba0
                                              • Instruction Fuzzy Hash: 3DF0D60191DFD25EF7F7536924542B92FD1AB22251F8914EAC4CDC59C2E94CE8CA8382
                                              Function 00007FFAACA07FD0 Relevance: .0, Instructions: 49COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8bed62c7455bf3d6fe4d085f6fa220b74672c0962a91fd2ac1345debe4d9462e
                                              • Instruction ID: a8c14d5a935dc67673a59f60247fb2c80cd43f9b9bddd53a6bbfceefaa9a8454
                                              • Opcode Fuzzy Hash: 8bed62c7455bf3d6fe4d085f6fa220b74672c0962a91fd2ac1345debe4d9462e
                                              • Instruction Fuzzy Hash: 0FF02B25A19A1E8FFBE8D66CB4955F036D1EF4D261B4500BAE40CC71D5F859CCD583C1
                                              Function 00007FFAAC7994B9 Relevance: .0, Instructions: 48COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 628e6adb461904a7397b6238009a563ddcc52a3aa630616d6a89d27bdb4731c8
                                              • Instruction ID: 204cefb5070e235fdecd0289b0a64beca6ef974c93ae57c157a4d2ed16947cb4
                                              • Opcode Fuzzy Hash: 628e6adb461904a7397b6238009a563ddcc52a3aa630616d6a89d27bdb4731c8
                                              • Instruction Fuzzy Hash: 84019E20E1A44A8FF7C4A7648816AB923B1EF06310F4582B9C81EE71D2DE2DE88957C1
                                              Function 00007FFAAC9F3830 Relevance: .0, Instructions: 47COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c49d18b99cb1c08b72f9162387920978d4f3c7061a56ddfdc88c641332292f0a
                                              • Instruction ID: 28c8e0f918479a3c6acd75c986931141bc7733b32073154da7311794fe9328b2
                                              • Opcode Fuzzy Hash: c49d18b99cb1c08b72f9162387920978d4f3c7061a56ddfdc88c641332292f0a
                                              • Instruction Fuzzy Hash: 64F03A30704C0E8F9A94F71CE858B2973E6FFA931171901A2E40DC7269DE24DC41C7C0
                                              Function 00007FFAACA0013D Relevance: .0, Instructions: 46COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d106e829db0874d55d2b6e6431f7452b828baac0dde1406d25c3c195b519ba8a
                                              • Instruction ID: bb0b07cd0887ddced0f7aad1e10d4041df690becaf3ece39cc75b9b61efef9fc
                                              • Opcode Fuzzy Hash: d106e829db0874d55d2b6e6431f7452b828baac0dde1406d25c3c195b519ba8a
                                              • Instruction Fuzzy Hash: 2001846051F6C6AFFB52937498195757F919F1724070940FEC48ECB193E809C88AC351
                                              Function 00007FFAAC79961F Relevance: .0, Instructions: 45COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ad4632a5ff928dc7247f2eead90b6414b879ad7f93a74807b05b4c1f2ddd4080
                                              • Instruction ID: 3a0a6b150fbb0ce74cb611f0257d5b0585376765914bd81676613689d30560a2
                                              • Opcode Fuzzy Hash: ad4632a5ff928dc7247f2eead90b6414b879ad7f93a74807b05b4c1f2ddd4080
                                              • Instruction Fuzzy Hash: E8017131E0A81A8FFBD4E764C845EA933E1DF15310F4582F4D40DDB295CA2DE8849B81
                                              Function 00007FFAAC791538 Relevance: .0, Instructions: 43COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4c1a7665da68fecf4ef02288470e6b0c51d6023c18b4f31a963935f050d2a813
                                              • Instruction ID: 05ac44e29d5152ae0077d0be8fac8565839b4f1ae62438d4a48e96c82e6cd247
                                              • Opcode Fuzzy Hash: 4c1a7665da68fecf4ef02288470e6b0c51d6023c18b4f31a963935f050d2a813
                                              • Instruction Fuzzy Hash: F501D62191EA49CFF799D738442526076E1EF96610B1841FAC00DCB1B2D82DDC8583C1
                                              Function 00007FFAAC79BE2C Relevance: .0, Instructions: 43COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b45e136e93cafdb676ae72cf12199ea956a1f685b51bd47e8548376ddf9e4768
                                              • Instruction ID: 3253b7a3e739012701e7e9a8a9309e453a70d75e60aa1a268bd0a18054b18b6a
                                              • Opcode Fuzzy Hash: b45e136e93cafdb676ae72cf12199ea956a1f685b51bd47e8548376ddf9e4768
                                              • Instruction Fuzzy Hash: 49014B31E09909CFFBD4EB18D845AB833F5EF56350F0582B5940ED72A1DE29AD898BC0
                                              Function 00007FFAAC796AD1 Relevance: .0, Instructions: 43COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b53707cc70157467c5d75d1c13082285f25215e8b9f30858284f157baadaba57
                                              • Instruction ID: b0c9caa5ba8ced20b337809f0d6e9c5eb135ca4bf0f126f7a6b509fb8905c420
                                              • Opcode Fuzzy Hash: b53707cc70157467c5d75d1c13082285f25215e8b9f30858284f157baadaba57
                                              • Instruction Fuzzy Hash: 9301E531E09819CFFBD0EB18C454EA933B1EB69310F4181B5C41DD7295CE2CED859B81
                                              Function 00007FFAAC9FDB60 Relevance: .0, Instructions: 42COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ec3faf9725d31cba64bad1e1bd951f872c40d3d4c20f7a23bd48617018e26287
                                              • Instruction ID: c4b35e63082395398d02d71c5bcace891725c0b403e424a00abd28b9e04cae6f
                                              • Opcode Fuzzy Hash: ec3faf9725d31cba64bad1e1bd951f872c40d3d4c20f7a23bd48617018e26287
                                              • Instruction Fuzzy Hash: 87F0313472990EDFFA94EB2CC44193173D1EB1A344B6481A8D00FC7192E915E84AC780
                                              Function 00007FFAAC794AF9 Relevance: .0, Instructions: 42COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 77422cafafe8d467d780023179419a17baf500af7279402f9258f95d6aa32d60
                                              • Instruction ID: cb05fb99ce5a30117a33b2ef684375e1c48af194d0dd42b188e4a01fb0569276
                                              • Opcode Fuzzy Hash: 77422cafafe8d467d780023179419a17baf500af7279402f9258f95d6aa32d60
                                              • Instruction Fuzzy Hash: 6EF0442060CA868FF3998B28C8847357BB2EFD6311F0481BAC04ACB1E2CD2D9849C381
                                              Function 00007FFAAC795B49 Relevance: .0, Instructions: 41COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4dd9c376e03fb7be558f33952fa49195f1aca1436d4f7a94017a09f3dbeb7093
                                              • Instruction ID: e203f45ed05da130a35d9520bedf4fb41ed56f79cd23dc21d8079b6d2e7b7bf1
                                              • Opcode Fuzzy Hash: 4dd9c376e03fb7be558f33952fa49195f1aca1436d4f7a94017a09f3dbeb7093
                                              • Instruction Fuzzy Hash: 0C01813050E6A98FF7CAAB28D450BA577B1FB47360F1441AAD45ECB1D7C92E9885C780
                                              Function 00007FFAACA06538 Relevance: .0, Instructions: 40COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a41dcbdd77db986a479ac4f639856d82d650f156bc8f01c27edc458bd632adae
                                              • Instruction ID: cb6aa56bd70b2719b03a972882ad77dce45716b4fec6959e4cdd40debd77ffa5
                                              • Opcode Fuzzy Hash: a41dcbdd77db986a479ac4f639856d82d650f156bc8f01c27edc458bd632adae
                                              • Instruction Fuzzy Hash: CFF0E971A26C0A4FB794E7AD648DAB952D2EB582607404172E40FC3595EC14EC8583C0
                                              Function 00007FFAAC9FFB2A Relevance: .0, Instructions: 39COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9cfe92bb4a944a6bc7aa7fbcb2127971a96984586adbdffb937c60d57332e830
                                              • Instruction ID: fc6840476f6bd99a095536c2041e7c719bb638a9e32d579abd333b774115f196
                                              • Opcode Fuzzy Hash: 9cfe92bb4a944a6bc7aa7fbcb2127971a96984586adbdffb937c60d57332e830
                                              • Instruction Fuzzy Hash: 52F05C3650EB0ACBFA54533A6CA13B03BC4DF52253F180276D44CC21E2D95EE889D3D0
                                              Function 00007FFAAC79138D Relevance: .0, Instructions: 39COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 46babb510940176d2e2b844da8483f7d76ec643c97cbdb27edd96a59e6c02d0d
                                              • Instruction ID: 134227e5248e377ea8bacc11cee6748631271d66661374039e58b61989f54781
                                              • Opcode Fuzzy Hash: 46babb510940176d2e2b844da8483f7d76ec643c97cbdb27edd96a59e6c02d0d
                                              • Instruction Fuzzy Hash: F8F02220A0E646CFF3A4973884147B427B2EB83320F0482B2C06EC79D3CC2DE89943C1
                                              Function 00007FFAAC79187D Relevance: .0, Instructions: 39COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d9e2cb5cb8186ace58c318f0d75a22947fd7d267a1f83b6dc6e0367878a7e134
                                              • Instruction ID: 54708d757d360bcf4f82bdbbb175ba710fb0d609e7fb2f40568cdd99da592ca2
                                              • Opcode Fuzzy Hash: d9e2cb5cb8186ace58c318f0d75a22947fd7d267a1f83b6dc6e0367878a7e134
                                              • Instruction Fuzzy Hash: 8EF06D30A0964BCFF784DB68C8459BE7BB1EB56320B044676C01DD7291EA38A54687C0
                                              Function 00007FFAAC7955F0 Relevance: .0, Instructions: 38COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 51d4315ce71a68c9f27714bda3f1035b891fd282071a097fc783317e40f0a1be
                                              • Instruction ID: 9d49f942b60160f1ad00c4bdc480c8f6145945216852d17eafe9c656a4886038
                                              • Opcode Fuzzy Hash: 51d4315ce71a68c9f27714bda3f1035b891fd282071a097fc783317e40f0a1be
                                              • Instruction Fuzzy Hash: 2AF0A47190851BCFFB88DB98C859EBD7BB2EB51310F04467BC019D72E2CE7999898780
                                              Function 00007FFAAC7987F8 Relevance: .0, Instructions: 38COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 62b8fd9718bdc5443f58df60275467256bedb3014e870dd13387be09d0cac8fe
                                              • Instruction ID: a54bf624833de7a84c521e7ab803ff7ca74d96cf4c93723adf3bf74e07b5d794
                                              • Opcode Fuzzy Hash: 62b8fd9718bdc5443f58df60275467256bedb3014e870dd13387be09d0cac8fe
                                              • Instruction Fuzzy Hash: B8F03121A1A94ACFFBD8EB288454A7822B2FF59304F1451B8D40ED7292DE39ED558780
                                              Function 00007FFAAC9F533D Relevance: .0, Instructions: 37COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f59300e127dd5ec5c76aa41f4f15b463ae279ac753cf4a367921f3bd51b7427e
                                              • Instruction ID: 1a55c0c3c59ba6cf8ed56064f4de4e796e1bdf39b9bfe51de777361224adae9d
                                              • Opcode Fuzzy Hash: f59300e127dd5ec5c76aa41f4f15b463ae279ac753cf4a367921f3bd51b7427e
                                              • Instruction Fuzzy Hash: F2F09735E0EB4EDAFA70932D59405F82791DF87310B84407AC00CC2296CD8EE88E83C1
                                              Function 00007FFAAC79CB43 Relevance: .0, Instructions: 35COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 918aed099435b29797ecf80637c81f73a947006d170bdcb761ec0e5f8680df13
                                              • Instruction ID: c76cfb478c31b2127540f6734783876be2451b6124bd1ea52579fcb235bf8a10
                                              • Opcode Fuzzy Hash: 918aed099435b29797ecf80637c81f73a947006d170bdcb761ec0e5f8680df13
                                              • Instruction Fuzzy Hash: E4F09065A09A468FFBE4CF089850AA56BB1EFA7340F448475D40DD7291DA2EFC4947C4
                                              Function 00007FFAAC799306 Relevance: .0, Instructions: 34COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0a3f9935d15ea780890547f7fd562bffd2883be710773e817544bd8626422fab
                                              • Instruction ID: 1ae987885eecbe0ad247eaf0d3f3ecf94dd53d5232426d2096b30853c6f0ca14
                                              • Opcode Fuzzy Hash: 0a3f9935d15ea780890547f7fd562bffd2883be710773e817544bd8626422fab
                                              • Instruction Fuzzy Hash: F6F09630E0A40A8FFBD5F764C411AA972B1EF56300F4182B5C40DC72D5DE2DE9855BC1
                                              Function 00007FFAAC799E87 Relevance: .0, Instructions: 30COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cdc290d342109645a6571c18b19281e62b92ab7d0daad3f108f3ba668040674f
                                              • Instruction ID: 08e7a5a649e0d3c0f424f2334e28519a0b5d009b680fc3d657a81cf81c8b6785
                                              • Opcode Fuzzy Hash: cdc290d342109645a6571c18b19281e62b92ab7d0daad3f108f3ba668040674f
                                              • Instruction Fuzzy Hash: 7CF05E31E095198FFBC4FB14C450AA832A1EF5A310F4182B5881DD72D1DE2EEC5597C1
                                              Function 00007FFAAC7997B5 Relevance: .0, Instructions: 30COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 20953727d40c4820fa3d79cd1efe3090217c7748fb9af42fe673ee72f2fba11a
                                              • Instruction ID: be59a549598dd603803bb49bd699d717028326c72754444a59aa6d2937ded13b
                                              • Opcode Fuzzy Hash: 20953727d40c4820fa3d79cd1efe3090217c7748fb9af42fe673ee72f2fba11a
                                              • Instruction Fuzzy Hash: FCF09A21E0A4198FFBC0EB00C414BA832B1EB19310F4282B5C80ED72D4DE2DED848BC1
                                              Function 00007FFAAC794D36 Relevance: .0, Instructions: 29COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 202488806bb888c6ee967757f40e780d1ea9d895219772e92d2e63cbe99c04a0
                                              • Instruction ID: a5827c941b7bfc5f54a8d5bacc57bb01c17f05f10453da8678de44b2d453bbbe
                                              • Opcode Fuzzy Hash: 202488806bb888c6ee967757f40e780d1ea9d895219772e92d2e63cbe99c04a0
                                              • Instruction Fuzzy Hash: 47F0823020D6458FF3599724D8507657BB2EB97350F2440BAC05BCB5E2CD2DA859C795
                                              Function 00007FFAAC79172F Relevance: .0, Instructions: 29COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 57a139883063cb7d4c83094d96f74475f16f8311edff5dc8e567f77dcf2cbdc8
                                              • Instruction ID: 6fe14c4bae5a5a2b392165f82c6065902de32b53b2d114cb140d73073f1780fd
                                              • Opcode Fuzzy Hash: 57a139883063cb7d4c83094d96f74475f16f8311edff5dc8e567f77dcf2cbdc8
                                              • Instruction Fuzzy Hash: 62E0DF306246088FD708DF3DC84956973E1FB5A205B8986BAA08EC7570DB2598854B42
                                              Function 00007FFAAC795BDE Relevance: .0, Instructions: 29COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b73e6baa165650b40a6c6c771568a1d139a259d1f83f687876e66ed7fb8b7fe6
                                              • Instruction ID: 55056206dad00a0cf472cb0234ad08a7d8c9c2ec09454a3e1786787f6dbb899f
                                              • Opcode Fuzzy Hash: b73e6baa165650b40a6c6c771568a1d139a259d1f83f687876e66ed7fb8b7fe6
                                              • Instruction Fuzzy Hash: 16F05E31909516CFFB94EB18C48066572B1FB46321F6042B9D45EC72D2CA39E8458BC4
                                              Function 00007FFAAC79742C Relevance: .0, Instructions: 29COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a73d5d7266bcc9d2da8923971264daa51f5e69015e7c4ae116c353a0cdc7d110
                                              • Instruction ID: e6dd14b920cc5261dedb6db3b9792205e8cb2c280c417132d8f0b011bfa44b0c
                                              • Opcode Fuzzy Hash: a73d5d7266bcc9d2da8923971264daa51f5e69015e7c4ae116c353a0cdc7d110
                                              • Instruction Fuzzy Hash: 03F01C31E095198FFB94EF6494416E873B2FF45254F1041B6D40EE7182DA3AA8668780
                                              Function 00007FFAAC9F4340 Relevance: .0, Instructions: 28COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8f49bcf82d5d01c025ea3fcf406448ab9e6f0a99156cbd293590f349861fcbbf
                                              • Instruction ID: bdefe3b440e674a7c80d60b8f8ab59574c0a56391694dc2768b53a1fc434b5a6
                                              • Opcode Fuzzy Hash: 8f49bcf82d5d01c025ea3fcf406448ab9e6f0a99156cbd293590f349861fcbbf
                                              • Instruction Fuzzy Hash: BDE04F15D4BB2A82B9B4676938451F913C08F06654B458072D80DD2595EC8DEDDA02C5
                                              Function 00007FFAACA076D5 Relevance: .0, Instructions: 28COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8a0cd6a6da65371290769b01440dc0477af8f00111b18c3385949f9e26acb7a3
                                              • Instruction ID: 6295843c1485145c105284b6951d28b7e4e72173f5e96ebf243fb9ae1c392964
                                              • Opcode Fuzzy Hash: 8a0cd6a6da65371290769b01440dc0477af8f00111b18c3385949f9e26acb7a3
                                              • Instruction Fuzzy Hash: F4E0D831869A1DCFDB84AB586C042F53791FB49349F000559D41DC3181E7359964C7C5
                                              Function 00007FFAAC79B0A6 Relevance: .0, Instructions: 27COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 449e7b4d3f9722d3e13e68f62e6ae3628ad5fd85afe23487afbc98e216ebc782
                                              • Instruction ID: 624dc2efb0f09b52c9f94474f32bfa8e7806e0fe716fdb2cd45ab5dc6891a6d7
                                              • Opcode Fuzzy Hash: 449e7b4d3f9722d3e13e68f62e6ae3628ad5fd85afe23487afbc98e216ebc782
                                              • Instruction Fuzzy Hash: 68F01730D0E429CFFBE0EB14C400BA862B1AB19305F5181B4C40E97280CE3EAC859B81
                                              Function 00007FFAAC9F49EA Relevance: .0, Instructions: 26COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 03b04544f3c380c1b1a2d9cbe233cecd1edd6bc28f31864bf55f252365e6329a
                                              • Instruction ID: ffffd8a028df8133057e7b19206da03257c55a253e65443b0db2050ae64db68a
                                              • Opcode Fuzzy Hash: 03b04544f3c380c1b1a2d9cbe233cecd1edd6bc28f31864bf55f252365e6329a
                                              • Instruction Fuzzy Hash: 57D05E22B5EB0D4B6654AA2CBC460B9B3D0E786631740473FD88EC2245EE1AF85642C9
                                              Function 00007FFAAC7957C2 Relevance: .0, Instructions: 26COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6ac0af66486bc54f41e7b5096f702a035a9a5866eeb7f8a1fc1265d654e048a6
                                              • Instruction ID: d82c50f7acd1590f00ced4b52bdee1efa9c09772b7951d05de2061fbf9643e44
                                              • Opcode Fuzzy Hash: 6ac0af66486bc54f41e7b5096f702a035a9a5866eeb7f8a1fc1265d654e048a6
                                              • Instruction Fuzzy Hash: F4E0653150D956CFFBE69724C4406A637B29B96310F1443B6C01EC7191DD6D9649C790
                                              Function 00007FFAAC9FB2DA Relevance: .0, Instructions: 24COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9136238d502a70a4ea48180f865cb4b5d07fc1a7248b99f30cd8f13b525a48d4
                                              • Instruction ID: 94dd10e2c975366d11a5d0522b32164070ad8dfd645ef13bfd0f2bedda390415
                                              • Opcode Fuzzy Hash: 9136238d502a70a4ea48180f865cb4b5d07fc1a7248b99f30cd8f13b525a48d4
                                              • Instruction Fuzzy Hash: 71E02C09C0FB1382FAB46B282C4A0B81BC08F16604B458175C80C82892ECC9EC8902C1
                                              Function 00007FFAAC79924B Relevance: .0, Instructions: 24COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 208c98cd5acd8c8cfecbe6e006c8fa2d8d61e532d04343c903e3fb85505ad070
                                              • Instruction ID: ff96acb87a27d16ff189b156883c0cfdcf99887eb022a624486060bd7476e5f0
                                              • Opcode Fuzzy Hash: 208c98cd5acd8c8cfecbe6e006c8fa2d8d61e532d04343c903e3fb85505ad070
                                              • Instruction Fuzzy Hash: B8E03936E09117CFFB80AB21C850AA932B5AF06310F46C6B1C82DDB2D1DE2DED4566C1
                                              Function 00007FFAAC7948AB Relevance: .0, Instructions: 24COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9f9a89f2dd4e755b882c14359402404bd41d6171a95491f2b9206f07a905d0b9
                                              • Instruction ID: 42395046a18857c849a44c82bf38efc743059686ae7f647f95c7caaef9fbba00
                                              • Opcode Fuzzy Hash: 9f9a89f2dd4e755b882c14359402404bd41d6171a95491f2b9206f07a905d0b9
                                              • Instruction Fuzzy Hash: 28E09231A095558FF3A5A714C410F7837B2DB97320F154276C01DCB2D1CD2DA98983C0
                                              Function 00007FFAAC795A42 Relevance: .0, Instructions: 22COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f5897bb89ed1bc5878337a85fba468bcad97945edc5989c8eb5b3f7fcf613742
                                              • Instruction ID: c40df55b73add55aa4785faafd4a84ad7e5a6f5f07b5754cc66cb6fa6a566055
                                              • Opcode Fuzzy Hash: f5897bb89ed1bc5878337a85fba468bcad97945edc5989c8eb5b3f7fcf613742
                                              • Instruction Fuzzy Hash: E6E04F31509515CFFB98EB14C8809A933B1FB56321B51427DD44EC72A6CE29E8558BC4
                                              Function 00007FFAAC791280 Relevance: .0, Instructions: 19COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 140752a351d69b8b23bfbb1adeb50cb5ce0d4b890ee3645db2a15646fb7b56da
                                              • Instruction ID: 6dc0744fcb1b0844b08ac0954448e70b0a2729bb2688f2de4d288ff51afecfef
                                              • Opcode Fuzzy Hash: 140752a351d69b8b23bfbb1adeb50cb5ce0d4b890ee3645db2a15646fb7b56da
                                              • Instruction Fuzzy Hash: E9E01A74A4810BCFFB44ABA0CC04ABE72B1FB12354F008A39C619D6280EBBDE51887C0
                                              Function 00007FFAAC79CAC3 Relevance: .0, Instructions: 19COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 528ba888dd3c9ea037dd09623719fc2847527d6de99b07225c210eef580ec52e
                                              • Instruction ID: 38b477a782a6c108adf19122e472ec268169ef61e36197976476c6bb01df9138
                                              • Opcode Fuzzy Hash: 528ba888dd3c9ea037dd09623719fc2847527d6de99b07225c210eef580ec52e
                                              • Instruction Fuzzy Hash: ABE0EC20E1591D8FF7D4FB2888147B822F1BF49305F41C1B9D44ED3292DE29AD958BC0
                                              Function 00007FFAAC79570E Relevance: .0, Instructions: 19COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 31e1b7f7478941dcb753486edc21a9e4bb927aa7860256ecf3ec18f889ef11e0
                                              • Instruction ID: 6338e5f027c0c6f32ce54712cd802e22fe5ba98229151712a1c20ac0fac682a9
                                              • Opcode Fuzzy Hash: 31e1b7f7478941dcb753486edc21a9e4bb927aa7860256ecf3ec18f889ef11e0
                                              • Instruction Fuzzy Hash: 77E01230909127CEFB809B94C804AFD73B2AB12354F004A35D419D62D1DBBDE5488B80
                                              Function 00007FFAAC79A4DD Relevance: .0, Instructions: 18COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ca41192c034075665bf07edf948f6c39dd0a751d4f821c0a77b913ee2a4539be
                                              • Instruction ID: 19cb5066837a88eac907a1c2e1f483c558dfd8537173bf7a182e05717cc88bcd
                                              • Opcode Fuzzy Hash: ca41192c034075665bf07edf948f6c39dd0a751d4f821c0a77b913ee2a4539be
                                              • Instruction Fuzzy Hash: D4D05E32A0D51A8FFB84EB44A8519F97370FB45279F104177D54FCB081DA1AE42683C0
                                              Function 00007FFAAC79B6AC Relevance: .0, Instructions: 16COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: afd0dc41102a1add760c38d1e8e236f566c77b1953e8edd5b100352dbd4827d3
                                              • Instruction ID: d9f7faa8a5eecf17585537b1ed3bb4b8978006f7fbbf5e051aa8adeb056267ee
                                              • Opcode Fuzzy Hash: afd0dc41102a1add760c38d1e8e236f566c77b1953e8edd5b100352dbd4827d3
                                              • Instruction Fuzzy Hash: 12D01220E098198FEBC0E714C410B6D23F1EB59300F1181B4C40DE3285CE3DFC914B81
                                              Function 00007FFAAC79AC7E Relevance: .0, Instructions: 15COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 14fb6ed1ea82d1499c969129a88a7a87b86fe292ce2a882b46c8927b17a8c066
                                              • Instruction ID: 0e7ca78188b0aa2f8759e740f4e1160d7ff6835abd13c4ac6ac9cff8674ac7d0
                                              • Opcode Fuzzy Hash: 14fb6ed1ea82d1499c969129a88a7a87b86fe292ce2a882b46c8927b17a8c066
                                              • Instruction Fuzzy Hash: 8BD05E65C0E3898FEBC2C738892A5E87BB0DF17254B1952FBC44D9B2C6DD2C08449B82
                                              Function 00007FFAACA06580 Relevance: .0, Instructions: 6COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c9365996963012b8bdc84ded27befbe5d99ad5edd1294fc8a56daf8e693ed081
                                              • Instruction ID: 5b672e8eed12de18b60203aca51307762c2977e37822f117d10b6dfcf8109ae6
                                              • Opcode Fuzzy Hash: c9365996963012b8bdc84ded27befbe5d99ad5edd1294fc8a56daf8e693ed081
                                              • Instruction Fuzzy Hash: 58B0026280412257E6357AB9E15D9D467905F01219708C671D08D8E5979D2860818645

                                              Non-executed Functions

                                              Function 00007FFAAC9F1FCA Relevance: 1.8, Strings: 1, Instructions: 522COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1453173105.00007FFAAC9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC9F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac9f0000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: ._L
                                              • API String ID: 0-1539647164
                                              • Opcode ID: 6fa370e49f9cf8990d090329b9b8e63e210c847880f513f69675b1a7dbe2c28f
                                              • Instruction ID: 84b9a7358a10e5beecedc23c22a9c676a7ddcce986a81fffdc2e09353c274ce1
                                              • Opcode Fuzzy Hash: 6fa370e49f9cf8990d090329b9b8e63e210c847880f513f69675b1a7dbe2c28f
                                              • Instruction Fuzzy Hash: 52F1D076A1DE4A8FFB9CDB2C8855A7477D2EFA5310B1481B9C40EC7692DE24EC0687C1
                                              Function 00007FFAAC794A30 Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: WAVA
                                              • API String ID: 0-3959194660
                                              • Opcode ID: 778ccec33a3afd9fbdb0347801311791f1355dd54e8bb3dd95615d7f804949af
                                              • Instruction ID: 224451ae81970f8d82a5235c6271ceded42defa6fa13c3db71dd62df747990c8
                                              • Opcode Fuzzy Hash: 778ccec33a3afd9fbdb0347801311791f1355dd54e8bb3dd95615d7f804949af
                                              • Instruction Fuzzy Hash: 9011063140E3D54FE3268F718C546A3BF75EF83220F1681EBC096CB4A3D968484AC392
                                              Function 00007FFAAC7926FA Relevance: .5, Instructions: 525COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ad85d0be871576d3f0b29c77680fe2bb4e4e152259114b6f1f9bd60b03111ddd
                                              • Instruction ID: e7588bb0ec7180572aac7802e6e54e52e76f53016a5c9c9d6844d12b3da78032
                                              • Opcode Fuzzy Hash: ad85d0be871576d3f0b29c77680fe2bb4e4e152259114b6f1f9bd60b03111ddd
                                              • Instruction Fuzzy Hash: 4EE138A7A0C1226AF235B7BCF8D9DFD6758DF4133AB048677D28CCA5938D08644B42E4
                                              Function 00007FFAAC792700 Relevance: .5, Instructions: 483COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 99c6796d9b7d7761856387c090289cc667940cfe29afe845e06066d976bcab49
                                              • Instruction ID: b9c5985fc4543f5aed219c03c5e47ed84e0b3c18bd7cde44e665bf87cd847485
                                              • Opcode Fuzzy Hash: 99c6796d9b7d7761856387c090289cc667940cfe29afe845e06066d976bcab49
                                              • Instruction Fuzzy Hash: 87D127A7A0C1226AF235B7BCF4D9DFD6B54DF4133AB048677D18DCA5A38D08648B42E4
                                              Function 00007FFAAC7923FB Relevance: .3, Instructions: 266COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4953684df7f3ae7ee698bdbc4897ac8a00dea56bb2b2dc37fccf29bf13d0a865
                                              • Instruction ID: a15080ae2e5dc2ed27577fe1c6bc9c9fc4a256a26886a263e9643ea1ee68da14
                                              • Opcode Fuzzy Hash: 4953684df7f3ae7ee698bdbc4897ac8a00dea56bb2b2dc37fccf29bf13d0a865
                                              • Instruction Fuzzy Hash: D251C8AB60C1266EB224B6FDF89A9FE7708DFC02367048577D289C9593DD1450DB82F4
                                              Function 00007FFAAC791BF3 Relevance: .2, Instructions: 240COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cecfcb4ecc4205517838856f090eeceba9537fda03c21cc9833c36d0dd97a2db
                                              • Instruction ID: 1b142a379342fe5d60c9eb94bee74a03da02ccddc48928b68f5569d1e1214a37
                                              • Opcode Fuzzy Hash: cecfcb4ecc4205517838856f090eeceba9537fda03c21cc9833c36d0dd97a2db
                                              • Instruction Fuzzy Hash: 7A510477B0C5266EF324BABDF84A9E97758CF85332B088177D5C9CA093DD18605B82E4
                                              Function 00007FFAAC7906FA Relevance: 5.1, Strings: 4, Instructions: 112COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.1449192357.00007FFAAC790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC790000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_7ffaac790000_mu3JuAyrj5.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: =P_^$P_^Z$P_^f$P_^~
                                              • API String ID: 0-1914308898
                                              • Opcode ID: e24d2ea08ea3488fa3215b839d77167af7041b0763a60910a774643ec337d42d
                                              • Instruction ID: 4fcdd6f66e551f8ed8ec660684556811cf1f602b79937152effcc5bb77ff5222
                                              • Opcode Fuzzy Hash: e24d2ea08ea3488fa3215b839d77167af7041b0763a60910a774643ec337d42d
                                              • Instruction Fuzzy Hash: 3D3129A39490226BF23473FCF886AEC27489F4037AB088633D19DCA6E3DE1C744A45D5