Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SqWzv6g2gV.exe

Overview

General Information

Sample name:SqWzv6g2gV.exe
renamed because original name is a hash value
Original sample name:5538489f53de4cb1503014a2e348035a2ae5cbc2fac2d8adff67e1b2f83169e4.exe
Analysis ID:1576983
MD5:f494bcf2f1aeeea24e2051f877fa9f6b
SHA1:2611565c0cf7193a15616a4e6c7a5ed06591c737
SHA256:5538489f53de4cb1503014a2e348035a2ae5cbc2fac2d8adff67e1b2f83169e4
Tags:104-161-43-18Compilazioneprotetticopyrightexeuser-JAMESWT_MHT
Infos:

Detection

RHADAMANTHYS
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected RHADAMANTHYS Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops large PE files
Injects a PE file into a foreign processes
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
One or more processes crash
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic

Classification

Process Tree

  • System is w10x64
  • SqWzv6g2gV.exe (PID: 1604 cmdline: "C:\Users\user\Desktop\SqWzv6g2gV.exe" MD5: F494BCF2F1AEEEA24E2051F877FA9F6B)
    • SqWzv6g2gV.exe (PID: 1356 cmdline: "C:\Users\user\Desktop\SqWzv6g2gV.exe" MD5: F494BCF2F1AEEEA24E2051F877FA9F6B)
      • svchost.exe (PID: 920 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
        • fontdrvhost.exe (PID: 2016 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
          • WerFault.exe (PID: 2280 cmdline: C:\Windows\system32\WerFault.exe -u -p 2016 -s 132 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
      • WerFault.exe (PID: 1544 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 404 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Configuration

Threatname: Rhadamanthys

{"C2 url": "https://104.161.43.18:2845/7e56fc199c7194d0/h4qwbjtf.qjde4"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000004.00000003.1580727907.0000000000D70000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
    00000003.00000003.1576338970.0000000000A20000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
      00000004.00000003.1584818462.0000000005170000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
        00000003.00000003.1579378017.0000000003100000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
          00000004.00000002.1678834360.0000000003280000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
            Click to see the 5 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            3.3.SqWzv6g2gV.exe.2ee0000.2.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
              3.3.SqWzv6g2gV.exe.2ee0000.0.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                3.3.SqWzv6g2gV.exe.2ee0000.6.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                  4.3.svchost.exe.5170000.6.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                    3.3.SqWzv6g2gV.exe.3100000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                      Click to see the 3 entries

                      Sigma Signatures

                      System Summary

                      barindex
                      Sigma detected: CurrentVersion Autorun Keys Modification
                      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\SqWzv6g2gV.exe, ProcessId: 1604, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DiskTuner
                      Sigma detected: Uncommon Svchost Parent Process
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\SqWzv6g2gV.exe", ParentImage: C:\Users\user\Desktop\SqWzv6g2gV.exe, ParentProcessId: 1356, ParentProcessName: SqWzv6g2gV.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 920, ProcessName: svchost.exe
                      Sigma detected: Windows Processes Suspicious Parent Directory
                      Source: Process startedAuthor: vburov: Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\SqWzv6g2gV.exe", ParentImage: C:\Users\user\Desktop\SqWzv6g2gV.exe, ParentProcessId: 1356, ParentProcessName: SqWzv6g2gV.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 920, ProcessName: svchost.exe

                      Suricata Signatures

                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-12-17T20:19:41.574350+010028548021Domain Observed Used for C2 Detected104.161.43.182845192.168.2.949770TCP

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Found malware configuration
                      Source: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpMalware Configuration Extractor: Rhadamanthys {"C2 url": "https://104.161.43.18:2845/7e56fc199c7194d0/h4qwbjtf.qjde4"}
                      Multi AV Scanner detection for dropped file
                      Source: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exeReversingLabs: Detection: 34%
                      Multi AV Scanner detection for submitted file
                      Source: SqWzv6g2gV.exeReversingLabs: Detection: 52%
                      AI detected suspicious sample
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                      Source: SqWzv6g2gV.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: Binary string: wkernel32.pdb source: SqWzv6g2gV.exe, 00000003.00000003.1578779933.0000000003000000.00000004.00000001.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1578661553.0000000002EE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1584508925.0000000005290000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1584330513.0000000005170000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: SqWzv6g2gV.exe, 00000003.00000003.1579378017.0000000003100000.00000004.00000001.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1579111713.0000000002EE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1584818462.0000000005170000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1585111325.0000000005390000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: SqWzv6g2gV.exe, 00000003.00000003.1577811326.00000000030D0000.00000004.00000001.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1577609543.0000000002EE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1582612133.0000000005360000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1582267357.0000000005170000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: SqWzv6g2gV.exe, 00000003.00000003.1578203261.0000000002EE0000.00000004.00000001.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1578404695.0000000003080000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1583377329.0000000005170000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1583745578.0000000005310000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: SqWzv6g2gV.exe, 00000003.00000003.1577811326.00000000030D0000.00000004.00000001.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1577609543.0000000002EE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1582612133.0000000005360000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1582267357.0000000005170000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: SqWzv6g2gV.exe, 00000003.00000003.1578203261.0000000002EE0000.00000004.00000001.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1578404695.0000000003080000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1583377329.0000000005170000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1583745578.0000000005310000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: SqWzv6g2gV.exe, 00000003.00000003.1579378017.0000000003100000.00000004.00000001.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1579111713.0000000002EE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1584818462.0000000005170000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1585111325.0000000005390000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: SqWzv6g2gV.exe, 00000003.00000003.1578779933.0000000003000000.00000004.00000001.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1578661553.0000000002EE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1584508925.0000000005290000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1584330513.0000000005170000.00000004.00000001.00020000.00000000.sdmp
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 4x nop then dec esp8_2_00000254AC2C0511

                      Networking

                      barindex
                      Suricata IDS alerts for network traffic
                      Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 104.161.43.18:2845 -> 192.168.2.9:49770
                      System process connects to network (likely due to code injection or exploit)
                      Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 104.161.43.18 2845Jump to behavior
                      C2 URLs / IPs found in malware configuration
                      Source: Malware configuration extractorURLs: https://104.161.43.18:2845/7e56fc199c7194d0/h4qwbjtf.qjde4
                      Source: global trafficTCP traffic: 192.168.2.9:49770 -> 104.161.43.18:2845
                      Source: Joe Sandbox ViewIP Address: 104.161.43.18 104.161.43.18
                      Source: Joe Sandbox ViewASN Name: IOFLOODUS IOFLOODUS
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                      Source: SqWzv6g2gV.exe, DiskTuner.exe.0.drString found in binary or memory: http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch
                      Source: SqWzv6g2gV.exe, DiskTuner.exe.0.drString found in binary or memory: http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSec
                      Source: SqWzv6g2gV.exe, DiskTuner.exe.0.drString found in binary or memory: http://www.macromedia.com
                      Source: SqWzv6g2gV.exe, DiskTuner.exe.0.drString found in binary or memory: http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&amp
                      Source: svchost.exe, 00000004.00000002.1678636804.000000000310C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1677964510.00000000009BC000.00000004.00000010.00020000.00000000.sdmp, fontdrvhost.exe, fontdrvhost.exe, 00000008.00000002.2018538417.00000254AC2C0000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://104.161.43.18:2845/7e56fc199c7194d0/h4qwbjtf.qjde4
                      Source: svchost.exe, 00000004.00000002.1678636804.000000000310C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000008.00000002.2018538417.00000254AC2C0000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://104.161.43.18:2845/7e56fc199c7194d0/h4qwbjtf.qjde4kernelbasentdllkernel32GetProcessMitigatio
                      Source: svchost.exe, 00000004.00000002.1677964510.00000000009BC000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://104.161.43.18:2845/7e56fc199c7194d0/h4qwbjtf.qjde4x
                      Source: svchost.exe, 00000004.00000003.1603784365.00000000031A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-query
                      Source: svchost.exe, 00000004.00000003.1603784365.00000000031A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi
                      Source: SqWzv6g2gV.exe, DiskTuner.exe.0.drString found in binary or memory: https://www.macromedia.com/bin/flashdownload.cgi
                      Source: SqWzv6g2gV.exe, DiskTuner.exe.0.drString found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,0_2_004D9AB0
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,0_2_004D9AB0
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_004D9AB0 GlobalAlloc,GlobalLock,GlobalUnlock,WideCharToMultiByte,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,SetClipboardData,SetClipboardData,CloseClipboard,3_2_004D9AB0
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_004D9C20 OpenClipboard,GetClipboardData,GetClipboardData,GetClipboardData,GetClipboardData,CloseClipboard,0_2_004D9C20
                      Source: SqWzv6g2gV.exe, 00000003.00000003.1579378017.0000000003100000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_aad230d8-c
                      Source: SqWzv6g2gV.exe, 00000003.00000003.1579378017.0000000003100000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_a6d4deb5-3
                      Source: Yara matchFile source: 3.3.SqWzv6g2gV.exe.2ee0000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.SqWzv6g2gV.exe.2ee0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.SqWzv6g2gV.exe.2ee0000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.svchost.exe.5170000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.SqWzv6g2gV.exe.3100000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.SqWzv6g2gV.exe.2ee0000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.3.SqWzv6g2gV.exe.3100000.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.3.svchost.exe.5390000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000004.00000003.1584818462.0000000005170000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.1579378017.0000000003100000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.1579111713.0000000002EE0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.1585111325.0000000005390000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: SqWzv6g2gV.exe PID: 1356, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 920, type: MEMORYSTR

                      System Summary

                      barindex
                      Drops large PE files
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeFile dump: DiskTuner.exe.0.dr 979567349Jump to dropped file
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_00000254AC2C15C0 NtAcceptConnectPort,8_2_00000254AC2C15C0
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_00000254AC2C1CF4 NtAcceptConnectPort,CloseHandle,8_2_00000254AC2C1CF4
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_00000254AC2C0AC8 NtAcceptConnectPort,NtAcceptConnectPort,8_2_00000254AC2C0AC8
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_00000254AC2C1AA4 NtAcceptConnectPort,NtAcceptConnectPort,8_2_00000254AC2C1AA4
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_0040A0200_2_0040A020
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_0042D3000_2_0042D300
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_0043C3C00_2_0043C3C0
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_0042D39B0_2_0042D39B
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_0042D4F90_2_0042D4F9
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_0041B4B00_2_0041B4B0
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_004206700_2_00420670
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_004166210_2_00416621
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_0045E8700_2_0045E870
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_0047DA000_2_0047DA00
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_0040ACD00_2_0040ACD0
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_00429E100_2_00429E10
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_00464EE00_2_00464EE0
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_3_007A81D23_3_007A81D2
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_3_0079C2313_3_0079C231
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_3_0079C4003_3_0079C400
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_0040A0203_2_0040A020
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_0042D3003_2_0042D300
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_0042D39B3_2_0042D39B
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_004033A13_2_004033A1
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_0042D4F93_2_0042D4F9
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_0041B4B03_2_0041B4B0
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_004206703_2_00420670
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_004166213_2_00416621
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_0045E8703_2_0045E870
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_0047DA003_2_0047DA00
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_0040ACD03_2_0040ACD0
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_00429E103_2_00429E10
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_00464EE03_2_00464EE0
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 8_2_00000254AC2C0C708_2_00000254AC2C0C70
                      Source: Joe Sandbox ViewDropped File: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe 11BA48C61A24E61ECA3D3A83EC1815F0FDBFE8EBDEA5521A1C661A01DBBB96FC
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: String function: 00435140 appears 66 times
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: String function: 004C9120 appears 58 times
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: String function: 0079CD90 appears 33 times
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: String function: 00435350 appears 68 times
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 404
                      Source: SqWzv6g2gV.exeBinary or memory string: OriginalFilename vs SqWzv6g2gV.exe
                      Source: SqWzv6g2gV.exe, 00000000.00000002.1617263471.0000000000C49000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs SqWzv6g2gV.exe
                      Source: SqWzv6g2gV.exe, 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs SqWzv6g2gV.exe
                      Source: SqWzv6g2gV.exe, 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs SqWzv6g2gV.exe
                      Source: SqWzv6g2gV.exe, 00000000.00000002.1617431666.0000000002782000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs SqWzv6g2gV.exe
                      Source: SqWzv6g2gV.exe, 00000000.00000000.1386623960.0000000000628000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs SqWzv6g2gV.exe
                      Source: SqWzv6g2gV.exe, 00000003.00000003.1578404695.00000000031AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SqWzv6g2gV.exe
                      Source: SqWzv6g2gV.exe, 00000003.00000003.1577811326.0000000003256000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SqWzv6g2gV.exe
                      Source: SqWzv6g2gV.exe, 00000003.00000003.1578779933.0000000003000000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs SqWzv6g2gV.exe
                      Source: SqWzv6g2gV.exe, 00000003.00000003.1579111713.0000000002EE0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKernelbase.dllj% vs SqWzv6g2gV.exe
                      Source: SqWzv6g2gV.exe, 00000003.00000003.1578779933.0000000003050000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs SqWzv6g2gV.exe
                      Source: SqWzv6g2gV.exe, 00000003.00000003.1578661553.0000000002EE0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs SqWzv6g2gV.exe
                      Source: SqWzv6g2gV.exe, 00000003.00000003.1579378017.00000000032E1000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKernelbase.dllj% vs SqWzv6g2gV.exe
                      Source: SqWzv6g2gV.exe, 00000003.00000003.1577609543.0000000003058000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SqWzv6g2gV.exe
                      Source: SqWzv6g2gV.exe, 00000003.00000000.1563125794.0000000000628000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs SqWzv6g2gV.exe
                      Source: SqWzv6g2gV.exe, 00000003.00000003.1578203261.0000000003003000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SqWzv6g2gV.exe
                      Source: SqWzv6g2gV.exe, 00000003.00000003.1578661553.0000000002F72000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs SqWzv6g2gV.exe
                      Source: SqWzv6g2gV.exe, 00000003.00000003.1576610688.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs SqWzv6g2gV.exe
                      Source: SqWzv6g2gV.exe, 00000003.00000003.1580553327.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs SqWzv6g2gV.exe
                      Source: SqWzv6g2gV.exeBinary or memory string: OriginalFilenameSAFlashPlayer.exe@ vs SqWzv6g2gV.exe
                      Source: SqWzv6g2gV.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: SqWzv6g2gV.exe, 00000000.00000002.1617263471.0000000000C49000.00000040.00001000.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1576610688.00000000007B9000.00000040.00000400.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1580553327.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: .a_po^ ojYd.o B U.R G v.Q_F& ZNH K.9.sV`OQ qOq_A( N5.j P.X z.k.Yf_HL.P.L`.C Ue_q_B_t.h{_yr\=A f.3_q_Fvb_H_bm W.UP#.by_iY.Yw I.Y_G p.3c g.Zy S v.U.N C_m Z_i.H_j B l_DH_Pd.iz_O.f~ U z_Mv_d7 T Mz.f.594/}_m kS.v.D u.rZu.S G.N_x.V J.Q.G FO^.X<.6_fv.V ny.L,_E.2.m I_l.b$ Mx sZ.K! p.Y.U.V:U.89 R_H F3.d_R A UQ.C_y y Y Jb.Q_S.N.s< l_Ab~[_w9zV?!C9.N_HQ)*_n R.tP Ww_u aU;.V EPk Xr.Q0.y.A!]_b!7 g.R_pF.E_b o.o.q.o_E.T_rdfw.c}_ck.4.Y_w:_P.B(#`_xy_i.3_Y.A_N.q.6.YE_S_T.R H n.R_d_F.V.s_R68).I aL q.H b.W.Q!.r b_w c c$_va.X_v.tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_C_Q.e J q7E V P.LP_Q.kTN_c.F.D gc.hT_s_Q1
                      Source: SqWzv6g2gV.exe, SqWzv6g2gV.exe, 00000000.00000002.1617263471.0000000000C49000.00000040.00001000.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1576610688.00000000007B9000.00000040.00000400.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1580553327.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: .tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_
                      Source: classification engineClassification label: mal100.troj.evad.winEXE@9/6@0/1
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_004F9340 CoCreateInstance,0_2_004F9340
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeFile created: C:\Users\user\Videos\DiskTunerJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-f4ab12c4-c0a0-d82844-6f0e29b94802}
                      Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2016
                      Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\c1c9cc43-2f37-4efc-a987-8bec7c06152cJump to behavior
                      Source: SqWzv6g2gV.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: SqWzv6g2gV.exeReversingLabs: Detection: 52%
                      Source: SqWzv6g2gV.exeString found in binary or memory: ms-help:
                      Source: SqWzv6g2gV.exeString found in binary or memory: B_flashuseCodepageStandAloneWIN 8,0,22,0A=%b&SA=%b&SV=%b&EV=%b&MP3=%b&AE=%b&VE=%b&ACC=%b&PR=%b&SP=%b&SB=%b&DEB=%b&V=%s%s&PT=%s&AVD=%b&LFD=%b&WD=%b%20http://%s/scriptms-help:mk:ms-itss:ms-its:its:vshelp:local:shell:
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeFile read: C:\Users\user\Desktop\SqWzv6g2gV.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\SqWzv6g2gV.exe "C:\Users\user\Desktop\SqWzv6g2gV.exe"
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeProcess created: C:\Users\user\Desktop\SqWzv6g2gV.exe "C:\Users\user\Desktop\SqWzv6g2gV.exe"
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 404
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\System32\fontdrvhost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 2016 -s 132
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeProcess created: C:\Users\user\Desktop\SqWzv6g2gV.exe "C:\Users\user\Desktop\SqWzv6g2gV.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeSection loaded: wsock32.dllJump to behavior
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeSection loaded: k7rn7l32.dllJump to behavior
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeSection loaded: ntd3ll.dllJump to behavior
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: powrprof.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: umpdc.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32Jump to behavior
                      Source: SqWzv6g2gV.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                      Source: SqWzv6g2gV.exeStatic file information: File size 10485760 > 1048576
                      Source: SqWzv6g2gV.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x13c000
                      Source: SqWzv6g2gV.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x140000
                      Source: Binary string: wkernel32.pdb source: SqWzv6g2gV.exe, 00000003.00000003.1578779933.0000000003000000.00000004.00000001.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1578661553.0000000002EE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1584508925.0000000005290000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1584330513.0000000005170000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: SqWzv6g2gV.exe, 00000003.00000003.1579378017.0000000003100000.00000004.00000001.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1579111713.0000000002EE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1584818462.0000000005170000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1585111325.0000000005390000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: SqWzv6g2gV.exe, 00000003.00000003.1577811326.00000000030D0000.00000004.00000001.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1577609543.0000000002EE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1582612133.0000000005360000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1582267357.0000000005170000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: SqWzv6g2gV.exe, 00000003.00000003.1578203261.0000000002EE0000.00000004.00000001.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1578404695.0000000003080000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1583377329.0000000005170000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1583745578.0000000005310000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdbUGP source: SqWzv6g2gV.exe, 00000003.00000003.1577811326.00000000030D0000.00000004.00000001.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1577609543.0000000002EE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1582612133.0000000005360000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1582267357.0000000005170000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: SqWzv6g2gV.exe, 00000003.00000003.1578203261.0000000002EE0000.00000004.00000001.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1578404695.0000000003080000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1583377329.0000000005170000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1583745578.0000000005310000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: SqWzv6g2gV.exe, 00000003.00000003.1579378017.0000000003100000.00000004.00000001.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1579111713.0000000002EE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1584818462.0000000005170000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1585111325.0000000005390000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: SqWzv6g2gV.exe, 00000003.00000003.1578779933.0000000003000000.00000004.00000001.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1578661553.0000000002EE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1584508925.0000000005290000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1584330513.0000000005170000.00000004.00000001.00020000.00000000.sdmp
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004D7960
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_004CA770 push eax; ret 0_2_004CA784
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_004CA770 push eax; ret 0_2_004CA7AC
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_3_007AB86D push ebx; ret 3_3_007AB864
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_3_007AA840 push ebp; retf 3_3_007AA841
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_3_007AE83C pushad ; ret 3_3_007AE841
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_3_007AE80E push eax; iretd 3_3_007AE81D
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_3_007AA0F9 push FFFFFF82h; iretd 3_3_007AA0FB
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_3_007AD8A0 push 0000002Eh; iretd 3_3_007AD8A2
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_3_007A8904 push ecx; ret 3_3_007A8917
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_3_007AB1DD push eax; ret 3_3_007AB1DF
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_3_007AE586 pushad ; retf 3_3_007AE599
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_3_007A9F6A push eax; ret 3_3_007A9F75
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_3_007AB70B push ebx; ret 3_3_007AB864
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_004381E0 push ecx; retf 3_2_004382AC
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_004381A0 push ecx; retf 3_2_004382AC
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_004CA770 push eax; ret 3_2_004CA784
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_004CA770 push eax; ret 3_2_004CA7AC
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_00434C60 push edi; retf 3_2_00434D5F
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_00434CF0 push edi; retf 3_2_00434D5F
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_00434C90 push edi; retf 3_2_00434D5F
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_00434CB0 push edi; retf 3_2_00434D5F
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_00447D60 push ecx; retf 3_2_00447E0D
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_2_00436DB0 push ecx; retf 3_2_00436EEF
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_009F588E push eax; iretd 4_3_009F589D
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_009F58BC pushad ; ret 4_3_009F58C1
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_009F18C0 push ebp; retf 4_3_009F18C1
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_009F28ED push ebx; ret 4_3_009F28E4
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_009F6012 push 00000038h; iretd 4_3_009F601D
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_009F5606 pushad ; retf 4_3_009F5619
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_009F225D push eax; ret 4_3_009F225F
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_009F278B push ebx; ret 4_3_009F28E4
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeFile created: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exeJump to dropped file
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiskTunerJump to behavior
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DiskTunerJump to behavior

                      Hooking and other Techniques for Hiding and Protection

                      barindex
                      Icon mismatch, binary includes an icon from a different legit application in order to fool users
                      Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (31).png
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004D7960
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      barindex
                      Switches to a custom stack to bypass stack traces
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeAPI/Special instruction interceptor: Address: 7FF90818D044
                      Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FF90818D044
                      Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 56CB83A
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                      Source: SqWzv6g2gV.exe, 00000000.00000002.1617263471.0000000000C49000.00000040.00001000.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1576610688.00000000007B9000.00000040.00000400.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1580553327.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
                      Source: SqWzv6g2gV.exeBinary or memory string: CFF EXPLORER.EXE
                      Source: SqWzv6g2gV.exe, 00000000.00000002.1617263471.0000000000C49000.00000040.00001000.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1576610688.00000000007B9000.00000040.00000400.00020000.00000000.sdmp, SqWzv6g2gV.exe, 00000003.00000003.1580553327.00000000007B9000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: INTERNALNAMECFF EXPLORER.EXE
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeDropped PE file which has not been started: C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exeJump to dropped file
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeAPI coverage: 0.4 %
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: svchost.exe, 00000004.00000003.1585111325.0000000005390000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                      Source: svchost.exe, 00000004.00000002.1678364599.0000000003000000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: svchost.exe, 00000004.00000002.1678397486.0000000003012000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
                      Source: svchost.exe, 00000004.00000002.1678603776.000000000305C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: MSAFD RfComm [Bluetooth]Hyper-V RAWRSVP UDP Service Provider
                      Source: svchost.exe, 00000004.00000003.1585111325.0000000005390000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_3_007A9098 VirtualAlloc,LdrInitializeThunk,VirtualFree,3_3_007A9098
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_004D7960 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004D7960
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_3_007A9277 mov eax, dword ptr fs:[00000030h]3_3_007A9277
                      Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_3_009F0283 mov eax, dword ptr fs:[00000030h]4_3_009F0283
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_0052B440 GetProcessHeap,HeapAlloc,0_2_0052B440
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeProcess created: C:\Users\user\Desktop\SqWzv6g2gV.exe "C:\Users\user\Desktop\SqWzv6g2gV.exe"Jump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      System process connects to network (likely due to code injection or exploit)
                      Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 104.161.43.18 2845Jump to behavior
                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeMemory written: C:\Users\user\Desktop\SqWzv6g2gV.exe base: 770000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                      Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 3_3_0079CDD5 cpuid 3_3_0079CDD5
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: GetCurrentThreadId,GetKeyboardLayout,GetLocaleInfoA,0_2_004C9670
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: GetCurrentThreadId,GetKeyboardLayout,GetLocaleInfoA,3_2_004C9670
                      Source: C:\Windows\SysWOW64\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_004CE5B0 GetSystemTime,GetTimeZoneInformation,0_2_004CE5B0
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_004CE5B0 GetSystemTime,GetTimeZoneInformation,0_2_004CE5B0
                      Source: C:\Users\user\Desktop\SqWzv6g2gV.exeCode function: 0_2_004CB0E0 GetVersionExA,0_2_004CB0E0
                      Source: C:\Windows\SysWOW64\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information

                      barindex
                      Yara detected RHADAMANTHYS Stealer
                      Source: Yara matchFile source: 00000004.00000003.1580727907.0000000000D70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.1576338970.0000000000A20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1678834360.0000000003280000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1585501304.0000000000D00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                      Remote Access Functionality

                      barindex
                      Yara detected RHADAMANTHYS Stealer
                      Source: Yara matchFile source: 00000004.00000003.1580727907.0000000000D70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.1576338970.0000000000A20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1678834360.0000000003280000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1585501304.0000000000D00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                      Mitre Att&ck Matrix

                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
                      Windows Management Instrumentation                      		1
                      Registry Run Keys / Startup Folder                      		211
                      Process Injection                      		11
                      Masquerading                      		21
                      Input Capture                      		2
                      System Time Discovery                      		Remote Services21
                      Input Capture                      		1
                      Encrypted Channel                      		Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault Accounts2
                      Command and Scripting Interpreter                      		1
                      DLL Side-Loading                      		1
                      Registry Run Keys / Startup Folder                      		1
                      Virtualization/Sandbox Evasion                      		LSASS Memory321
                      Security Software Discovery                      		Remote Desktop Protocol1
                      Archive Collected Data                      		1
                      Non-Standard Port                      		Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain Accounts1
                      Native API                      		Logon Script (Windows)1
                      DLL Side-Loading                      		1
                      Disable or Modify Tools                      		Security Account Manager1
                      Virtualization/Sandbox Evasion                      		SMB/Windows Admin Shares3
                      Clipboard Data                      		1
                      Application Layer Protocol                      		Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook211
                      Process Injection                      		NTDS1
                      Process Discovery                      		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                      Deobfuscate/Decode Files or Information                      		LSA Secrets135
                      System Information Discovery                      		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts3
                      Obfuscated Files or Information                      		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                      DLL Side-Loading                      		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      SqWzv6g2gV.exe53%ReversingLabsWin32.Adware.RedCap

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe34%ReversingLabsWin32.Infostealer.Tinba

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      https://104.161.43.18:2845/7e56fc199c7194d0/h4qwbjtf.qjde4x0%Avira URL Cloudsafe
                      https://104.161.43.18:2845/7e56fc199c7194d0/h4qwbjtf.qjde40%Avira URL Cloudsafe
                      https://104.161.43.18:2845/7e56fc199c7194d0/h4qwbjtf.qjde4kernelbasentdllkernel32GetProcessMitigatio0%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://104.161.43.18:2845/7e56fc199c7194d0/h4qwbjtf.qjde4true
                      • Avira URL Cloud: safe
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://cloudflare-dns.com/dns-querysvchost.exe, 00000004.00000003.1603784365.00000000031A1000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        http://www.macromedia.comSqWzv6g2gV.exe, DiskTuner.exe.0.drfalse
                          		high
                          https://104.161.43.18:2845/7e56fc199c7194d0/h4qwbjtf.qjde4kernelbasentdllkernel32GetProcessMitigatiosvchost.exe, 00000004.00000002.1678636804.000000000310C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000008.00000002.2018538417.00000254AC2C0000.00000040.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachisvchost.exe, 00000004.00000003.1603784365.00000000031A1000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            https://104.161.43.18:2845/7e56fc199c7194d0/h4qwbjtf.qjde4xsvchost.exe, 00000004.00000002.1677964510.00000000009BC000.00000004.00000010.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatchSqWzv6g2gV.exe, DiskTuner.exe.0.drfalse
                              		high
                              http://.macromedia.com/support/flashplayer/sys/https://SettingsSubdomainmms.cfgdefaultAuthorLocalSecSqWzv6g2gV.exe, DiskTuner.exe.0.drfalse
                                		high
                                http://www.macromedia.comhttps://www.macromedia.com/support/flashplayer/sys/&ampSqWzv6g2gV.exe, DiskTuner.exe.0.drfalse
                                  		high
                                  https://www.macromedia.com/bin/flashdownload.cgiSqWzv6g2gV.exe, DiskTuner.exe.0.drfalse
                                    		high
                                    https://www.macromedia.com/support/flashplayer/sys/SqWzv6g2gV.exe, DiskTuner.exe.0.drfalse
                                      		high

                                      World Map of Contacted IPs

                                      • No. of IPs < 25%
                                      • 25% < No. of IPs < 50%
                                      • 50% < No. of IPs < 75%
                                      • 75% < No. of IPs

                                      Public IPs

                                      IPDomainCountryFlagASNASN NameMalicious
                                      104.161.43.18
                                      		unknownUnited States
                                      		53755IOFLOODUStrue

                                      General Information

                                      Joe Sandbox version:41.0.0 Charoite
                                      Analysis ID:1576983
                                      Start date and time:2024-12-17 20:18:19 +01:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:0h 8m 47s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Number of analysed new started processes analysed:15
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample name:SqWzv6g2gV.exe
                                      renamed because original name is a hash value
                                      Original Sample Name:5538489f53de4cb1503014a2e348035a2ae5cbc2fac2d8adff67e1b2f83169e4.exe
                                      Detection:MAL
                                      Classification:mal100.troj.evad.winEXE@9/6@0/1
                                      EGA Information:
                                      • Successful, ratio: 50%
                                      HCA Information:Failed
                                      Cookbook Comments:
                                      • Found application associated with file extension: .exe

                                      Warnings

                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                      • Excluded IPs from analysis (whitelisted): 20.42.65.92, 13.107.246.63, 172.202.163.200, 20.231.128.65
                                      • Excluded domains from analysis (whitelisted): onedsblobprdeus17.eastus.cloudapp.azure.com, slscr.update.microsoft.com, login.live.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                      • Execution Graph export aborted for target SqWzv6g2gV.exe, PID 1356 because there are no executed function
                                      • Execution Graph export aborted for target svchost.exe, PID 920 because there are no executed function
                                      • Not all processes where analyzed, report is missing behavior information
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                      • VT rate limit hit for: SqWzv6g2gV.exe

                                      Simulations

                                      Behavior and APIs

                                      TimeTypeDescription
                                      14:20:20API Interceptor1x Sleep call for process: WerFault.exe modified
                                      19:19:40AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run DiskTuner C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe
                                      19:19:49AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run DiskTuner C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe

                                      Joe Sandbox View / Context

                                      IPs

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      104.161.43.1837O0XUq6Vp.exeGet hashmaliciousRHADAMANTHYSBrowse
                                        tO8laPAv1k.exeGet hashmaliciousRHADAMANTHYSBrowse
                                          nPcYcCBa00.exeGet hashmaliciousRHADAMANTHYSBrowse
                                            JLrciUppSu.exeGet hashmaliciousRHADAMANTHYSBrowse
                                              122046760.batGet hashmaliciousRHADAMANTHYSBrowse
                                                pkqLAMAv96.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                  IIC0XbKFjS.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                    873406390.batGet hashmaliciousRHADAMANTHYSBrowse
                                                      0J3fAc6cHO.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                        1H57mPm9jr.exeGet hashmaliciousRHADAMANTHYSBrowse

                                                          Domains

                                                          No context

                                                          ASNs

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          IOFLOODUSRXnQXC1eJa.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                          • 104.161.43.18
                                                          37O0XUq6Vp.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                          • 104.161.43.18
                                                          tO8laPAv1k.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                          • 104.161.43.18
                                                          nPcYcCBa00.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                          • 104.161.43.18
                                                          JLrciUppSu.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                          • 104.161.43.18
                                                          122046760.batGet hashmaliciousRHADAMANTHYSBrowse
                                                          • 104.161.43.18
                                                          pkqLAMAv96.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                          • 104.161.43.18
                                                          IIC0XbKFjS.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                          • 104.161.43.18
                                                          873406390.batGet hashmaliciousRHADAMANTHYSBrowse
                                                          • 104.161.43.18
                                                          0J3fAc6cHO.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                          • 104.161.43.18

                                                          JA3 Fingerprints

                                                          No context

                                                          Dropped Files

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe1H57mPm9jr.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                            l92fYljXWF.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                              taCCGTk8n1.lnkGet hashmaliciousRHADAMANTHYSBrowse

                                                                Created / dropped Files

                                                                C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fontdrvhost.exe_d32c824e8915b30da4efd4eabd13e74e4ef8c1_ad0be647_665f1d59-dd2b-40ec-aa26-b919f9922e0b\Report.wer

                                                                Download File
                                                                Process:C:\Windows\System32\WerFault.exe
                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):65536
                                                                Entropy (8bit):0.6602493928200055
                                                                Encrypted:false
                                                                SSDEEP:96:58FauZ3e3qigKJ/s3Wrk41yHpHS2QXIDcQkc6tcEycw3ZUtzJzQ+HbHgrZ2ZAX/F:+sWgHn/xR0apYKjqzuiF1Z24lO8JO6
                                                                MD5:308E1745A751C919660A94F990CFB490
                                                                SHA1:1F69CCB19AA2CD7A5FC8619A553122B203936C1E
                                                                SHA-256:D54D75691E12E80305A7229F5B26EAB85D411B5E2001E75B8B80AD2CA7177324
                                                                SHA-512:8DFD23C129FCA454C365C1466E8A84D586EF5773A6DED7A41CC2098C5248B8CE21625E2007C40B34ADA41FF03BC252F815BF8D1B73F97B121A39402806C32E95
                                                                Malicious:false
                                                                Reputation:low
                                                                Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.6.4.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.8.9.3.6.7.8.9.5.7.9.4.1.6.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.8.9.3.6.7.9.0.0.3.2.5.3.3.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.6.5.f.1.d.5.9.-.d.d.2.b.-.4.0.e.c.-.a.a.2.6.-.b.9.1.9.f.9.9.2.2.e.0.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.0.d.6.9.7.4.0.-.a.7.d.4.-.4.7.5.e.-.a.8.c.b.-.8.8.d.5.d.a.5.6.6.9.c.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.7.e.0.-.0.0.0.1.-.0.0.1.4.-.a.e.8.3.-.1.8.a.2.b.8.5.0.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.5.e.f.b.3.f.9.7.3.4.2.b.a.1.9.5.4.2.4.1.3.4.f.2.8.f.9.7.7.d.a.9.e.0.d.6.a.a.9.1.!.f.o.n.t.d.r.v.h.o.

                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER7345.tmp.dmp

                                                                Download File
                                                                Process:C:\Windows\System32\WerFault.exe
                                                                File Type:Mini DuMP crash report, 14 streams, Tue Dec 17 19:19:49 2024, 0x1205a4 type
                                                                Category:dropped
                                                                Size (bytes):47878
                                                                Entropy (8bit):1.267691671606051
                                                                Encrypted:false
                                                                SSDEEP:96:5M81dyRQlbyJ+jK7i7LF26YlmS4sLGS7MSgWIK2KIpev35:Ffw+joOh26jSUSASzAeP5
                                                                MD5:000A18AF07A0443BA3D69B6726C0A0B3
                                                                SHA1:21C6BD869CEB808C6840F81D27138CC5B1E998EC
                                                                SHA-256:94456DB974C4ACC1C07C3321E36D53EA07E87E609D2650D72CE65BC78109FF66
                                                                SHA-512:2D2776A76FC09E0CC3417B8B4EC253068F59AEA1738FD7CFE16D020D89B9D4351E597F48050FFB7F64168C5E000315917D43C21253119B411F6266AA5B90241C
                                                                Malicious:false
                                                                Reputation:low
                                                                Preview:MDMP..a..... .........ag........................................2!..........T.......8...........T...............V.......................................................................................................eJ..............Lw......................T.............ag.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER73B3.tmp.WERInternalMetadata.xml

                                                                Download File
                                                                Process:C:\Windows\System32\WerFault.exe
                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):8622
                                                                Entropy (8bit):3.69089280385534
                                                                Encrypted:false
                                                                SSDEEP:192:R6l7wVeJXIJKHUe6YzsVXhICTgmfr57vwpDH89beoffFqm:R6lXJYJg6Y4VxRgmfrFvleAfZ
                                                                MD5:AEACDE087B391658F59937F663433CC1
                                                                SHA1:99735556ACF1B5FCA886A388D353C1C12057AC0E
                                                                SHA-256:8FD435D1359D7285BADE6506982796C6D24B5C787D8A8113C6BE6219F57408DB
                                                                SHA-512:45F44F6DF80EB49347318AF7554C2B34744E06F33EFF6B6E4A7E944A05E8492A3137B113C40E32272468F96937C2D865D39F65DCE62BE6FC66F8C1215627830D
                                                                Malicious:false
                                                                Reputation:low
                                                                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.0.1.6.<./.P.i.

                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WER73F3.tmp.xml

                                                                Download File
                                                                Process:C:\Windows\System32\WerFault.exe
                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):4853
                                                                Entropy (8bit):4.442745575730703
                                                                Encrypted:false
                                                                SSDEEP:48:cvIwWl8zsSJg771I9fC75WpW8VYhYm8M4Jk5LvM6FYyq8vU5LvM4aaMu/Fd:uIjfgI7sC7I7VdJcjMvWsjM4a1utd
                                                                MD5:38732BF679F1E178AB773A1A063D9511
                                                                SHA1:9F9CE763CAE1792D44265DD809A4828F94A48059
                                                                SHA-256:15FE3437580E864E955FDA59958C996194E513C1BE32AF7783F513845600D263
                                                                SHA-512:C51021FE5F9FCDB41D15CC9774BB056F3822B749D3C43E075F7F7C6E1E0117F28A6822F63FCD61DAC528FFB5D28216B1461A50DDF9F4DC06B98F00160D5B4680
                                                                Malicious:false
                                                                Reputation:low
                                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="635662" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                C:\Users\user\Videos\DiskTuner\Bin\DiskTuner.exe

                                                                Download File
                                                                Process:C:\Users\user\Desktop\SqWzv6g2gV.exe
                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):979567349
                                                                Entropy (8bit):0.044015480209425
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:A9BE0EBB1CA01D7F9DB6A801CD111725
                                                                SHA1:EC0FD376ADA859BAF234C761951237EF1E3C7060
                                                                SHA-256:11BA48C61A24E61ECA3D3A83EC1815F0FDBFE8EBDEA5521A1C661A01DBBB96FC
                                                                SHA-512:02360FCB5C2F413BE350E0EE5A6E20E2D5E7E4D56CD7A0F039BC5B267E0ACDCF922696F1028D6BF3BC4C06584E5111A7FFF2EA4633198BC7F2A2132E7342365F
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 34%
                                                                Joe Sandbox View:
                                                                • Filename: 1H57mPm9jr.exe, Detection: malicious, Browse
                                                                • Filename: l92fYljXWF.lnk, Detection: malicious, Browse
                                                                • Filename: taCCGTk8n1.lnk, Detection: malicious, Browse
                                                                Reputation:low
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................z..............z........#.............................Rich..................PE..L......C.....................`....................@...........................6.....Y.$..............................................."..............................................................................................................text............................... ..`.rdata...|..........................@..@.data....)...P.......P..............@....rsrc........."......0..............@..@................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Windows\appcompat\Programs\Amcache.hve

                                                                Download File
                                                                Process:C:\Windows\System32\WerFault.exe
                                                                File Type:MS Windows registry file, NT/2000 or above
                                                                Category:dropped
                                                                Size (bytes):1835008
                                                                Entropy (8bit):4.3947027249449615
                                                                Encrypted:false
                                                                SSDEEP:6144:3l4fiJoH0ncNXiUjt10qCG/gaocYGBoaUMMhA2NX4WABlBuNAROBSqa:14vFCMYQUMM6VFYSRU
                                                                MD5:067744FD6574233DE4FEA7C61CF46399
                                                                SHA1:778C6EED11F2D54B7B6AC3500A9DC1365FC38BA0
                                                                SHA-256:133CB3223EC02188F9AD543D8CB512459E29483AAD23B031CDDDE727F0436904
                                                                SHA-512:E95EB98EA45A92D7DEC699F0E1F8275A4CCA5AF2C8D418FB92BECA2464D45A26EA3316F95669DADEDBA49537381F443AB4EB6DBA3C69B4E4E82381A477F0BCF8
                                                                Malicious:false
                                                                Preview:regfG...G....\.Z.................... ....`......\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.|...P...............................................................................................................................................................................................................................................................................................................................................&..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                Static File Info

                                                                General

                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                Entropy (8bit):2.524393667109925
                                                                TrID:
                                                                • Win32 Executable (generic) a (10002005/4) 99.40%
                                                                • InstallShield setup (43055/19) 0.43%
                                                                • Windows Screen Saver (13104/52) 0.13%
                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                File name:SqWzv6g2gV.exe
                                                                File size:10'485'760 bytes
                                                                MD5:f494bcf2f1aeeea24e2051f877fa9f6b
                                                                SHA1:2611565c0cf7193a15616a4e6c7a5ed06591c737
                                                                SHA256:5538489f53de4cb1503014a2e348035a2ae5cbc2fac2d8adff67e1b2f83169e4
                                                                SHA512:86703f40649507b391900d578e93de37793cc9d12dd732f8b99af53a55b3f2c072a96ac017aff70a822c9f142c520cced476b780cb256f0f737e835cefe26f6e
                                                                SSDEEP:98304:/VHFXSzmqsegfkVsBuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuTuuuuuuuuuuuuG:/VHFXSzmqsYWdqcp
                                                                TLSH:06B6BF01F29181B1D95236B55263E2F555B2AFF8973B80CF61927F1B3B321E25A33386
                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................z.......................z...............#...............................................Rich...................

                                                                File Icon

                                                                Icon Hash:c5a684988c94a0c5

                                                                Static PE Info

                                                                General

                                                                Entrypoint:0x4dc300
                                                                Entrypoint Section:.text
                                                                Digitally signed:false
                                                                Imagebase:0x400000
                                                                Subsystem:windows gui
                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                DLL Characteristics:NO_SEH
                                                                Time Stamp:0x4310D1EE [Sat Aug 27 20:49:50 2005 UTC]
                                                                TLS Callbacks:
                                                                CLR (.Net) Version:
                                                                OS Version Major:4
                                                                OS Version Minor:0
                                                                File Version Major:4
                                                                File Version Minor:0
                                                                Subsystem Version Major:4
                                                                Subsystem Version Minor:0
                                                                Import Hash:6cd1955b3508e1b7bae36e00ef841662

                                                                Entrypoint Preview

                                                                Instruction
                                                                sub esp, 44h
                                                                push esi
                                                                call dword ptr [0053D228h]
                                                                mov esi, eax
                                                                mov al, byte ptr [esi]
                                                                cmp al, 22h
                                                                call 00007F521CC10F20h
                                                                inc esi
                                                                cmp al, 22h
                                                                je 00007F521CCC0F2Ah
                                                                test al, al
                                                                jne 00007F521CCC0F16h
                                                                cmp al, 22h
                                                                jne 00007F521CCC0F38h
                                                                inc esi
                                                                jmp 00007F521CCC0F35h
                                                                cmp al, 20h
                                                                jbe 00007F521CCC0F31h
                                                                lea esp, dword ptr [esp+00000000h]
                                                                mov al, byte ptr [esi+01h]
                                                                inc esi
                                                                cmp al, 20h
                                                                jnbe 00007F521CCC0F1Ah
                                                                mov al, byte ptr [esi]
                                                                test al, al
                                                                je 00007F521CCC0F30h
                                                                mov edi, edi
                                                                cmp al, 20h
                                                                jnbe 00007F521CCC0F2Ah
                                                                mov al, byte ptr [esi+01h]
                                                                inc esi
                                                                test al, al
                                                                jne 00007F521CCC0F16h
                                                                lea eax, dword ptr [esp+04h]
                                                                push eax
                                                                mov dword ptr [esp+34h], 00000000h
                                                                call dword ptr [0053D270h]
                                                                test byte ptr [esp+30h], 00000001h
                                                                movzx eax, word ptr [esp+34h]
                                                                jne 00007F521CCC0F27h
                                                                mov eax, 0000000Ah
                                                                push eax
                                                                push esi
                                                                push 00000000h
                                                                push 00000000h
                                                                call dword ptr [0053D224h]
                                                                push eax
                                                                call 00007F521CCC0B23h
                                                                push eax
                                                                call dword ptr [0053D220h]
                                                                pop esi
                                                                int3
                                                                int3
                                                                int3
                                                                int3
                                                                int3
                                                                int3
                                                                movzx edx, byte ptr [ecx+0Dh]
                                                                xor eax, eax
                                                                mov ah, byte ptr [ecx+0Fh]
                                                                mov al, byte ptr [ecx+0Ch]
                                                                movzx ecx, byte ptr [ecx+0Eh]
                                                                shl eax, 08h
                                                                or eax, edx
                                                                shl eax, 08h
                                                                or eax, ecx
                                                                ret
                                                                int3
                                                                int3
                                                                int3
                                                                int3
                                                                int3
                                                                mov eax, ecx
                                                                mov dword ptr [eax], 00000000h
                                                                mov dword ptr [eax+04h], 00000000h
                                                                ret
                                                                push esi
                                                                push edi
                                                                mov esi, ecx
                                                                call dword ptr [0000D518h]

                                                                Rich Headers

                                                                Programming Language:
                                                                • [ C ] VS2003 (.NET) build 3077
                                                                • [C++] VS2003 (.NET) build 3077
                                                                • [RES] VS2003 (.NET) build 3077
                                                                • [LNK] VS2003 (.NET) build 3077

                                                                Data Directories

                                                                NameVirtual AddressVirtual Size Is in Section
                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x152e180x118.rdata
                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x2280000x13fca0.rsrc
                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_IAT0x13d0000x598.rdata
                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                Sections

                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                .text0x10000x13bc900x13c000a098c7e84ad5a36a04535e1c3b73e500False0.5445657078223892data6.741499573740984IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                .rdata0x13d0000x17c840x180007985ce6b5d14c95b3d11911cc6832e60False0.5450439453125data6.199908013459288IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                .data0x1550000xd29080xe00033ed2020b692083bf67c882b0e6ea252False0.7456926618303571data7.206453493549018IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                .rsrc0x2280000x13fca00x1400009320e41f96e7ef8271243abd1ebb98daFalse0.48977203369140626data7.03052303688737IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                Resources

                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                RT_CURSOR0x2296a80x134dataEnglishUnited States0.275974025974026
                                                                RT_CURSOR0x2297dc0xb4dataEnglishUnited States0.6444444444444445
                                                                RT_CURSOR0x2298900x134Targa image data - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.39935064935064934
                                                                RT_CURSOR0x2299c40xb4Targa image data - RLE 32 x 65536 x 1 +16 "\001"EnglishUnited States0.8944444444444445
                                                                RT_CURSOR0x229a780x134dataEnglishUnited States0.12012987012987013
                                                                RT_ICON0x229bac0x668Device independent bitmap graphic, 48 x 96 x 4, image size 1152EnglishUnited States0.3225609756097561
                                                                RT_ICON0x22a2140x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512EnglishUnited States0.43951612903225806
                                                                RT_ICON0x22a4fc0x1e8Device independent bitmap graphic, 24 x 48 x 4, image size 288EnglishUnited States0.4016393442622951
                                                                RT_ICON0x22a6e40x128Device independent bitmap graphic, 16 x 32 x 4, image size 128EnglishUnited States0.4831081081081081
                                                                RT_ICON0x22a80c0x35e0PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9907192575406032
                                                                RT_ICON0x22ddec0xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsEnglishUnited States0.4584221748400853
                                                                RT_ICON0x22ec940x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States0.47382671480144406
                                                                RT_ICON0x22f53c0x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsEnglishUnited States0.45564516129032256
                                                                RT_ICON0x22fc040x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishUnited States0.3504335260115607
                                                                RT_ICON0x23016c0x668Device independent bitmap graphic, 48 x 96 x 4, image size 0EnglishUnited States0.1774390243902439
                                                                RT_ICON0x2307d40x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishUnited States0.26344086021505375
                                                                RT_ICON0x230abc0x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishUnited States0.46621621621621623
                                                                RT_ICON0x230be40xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishUnited States0.5335820895522388
                                                                RT_ICON0x231a8c0x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishUnited States0.5478339350180506
                                                                RT_ICON0x2323340x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishUnited States0.41401734104046245
                                                                RT_ICON0x23289c0x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.34865145228215766
                                                                RT_ICON0x234e440x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.36538461538461536
                                                                RT_ICON0x235eec0x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.6462765957446809
                                                                RT_ICON0x2363540x668Device independent bitmap graphic, 48 x 96 x 4, image size 0EnglishUnited States0.27987804878048783
                                                                RT_ICON0x2369bc0x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishUnited States0.40860215053763443
                                                                RT_ICON0x236ca40x1e8Device independent bitmap graphic, 24 x 48 x 4, image size 0EnglishUnited States0.47540983606557374
                                                                RT_ICON0x236e8c0x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishUnited States0.5506756756756757
                                                                RT_ICON0x236fb40xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishUnited States0.4650852878464819
                                                                RT_ICON0x237e5c0x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishUnited States0.677797833935018
                                                                RT_ICON0x2387040x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 0EnglishUnited States0.7534562211981567
                                                                RT_ICON0x238dcc0x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishUnited States0.8034682080924855
                                                                RT_ICON0x2393340x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.32676348547717843
                                                                RT_ICON0x23b8dc0x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.4547373358348968
                                                                RT_ICON0x23c9840x988Device independent bitmap graphic, 24 x 48 x 32, image size 0EnglishUnited States0.5823770491803278
                                                                RT_ICON0x23d30c0x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.600177304964539
                                                                RT_ICON0x23d7740x10828Device independent bitmap graphic, 128 x 256 x 32, image size 67584EnglishUnited States0.07868508221933042
                                                                RT_ICON0x24df9c0x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 38016EnglishUnited States0.15114568005045195
                                                                RT_ICON0x2574440x67e8Device independent bitmap graphic, 80 x 160 x 32, image size 26560EnglishUnited States0.1543233082706767
                                                                RT_ICON0x25dc2c0x5488Device independent bitmap graphic, 72 x 144 x 32, image size 21600EnglishUnited States0.175184842883549
                                                                RT_ICON0x2630b40x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16896EnglishUnited States0.15948275862068967
                                                                RT_ICON0x2672dc0x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.24107883817427386
                                                                RT_ICON0x2698840x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.2678236397748593
                                                                RT_ICON0x26a92c0x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.37459016393442623
                                                                RT_ICON0x26b2b40x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.42819148936170215
                                                                RT_MENU0x26b71c0x280dataChineseTaiwan0.55
                                                                RT_MENU0x26b99c0x350dataGermanGermany0.46226415094339623
                                                                RT_MENU0x26bcec0x2f2dataEnglishUnited States0.46419098143236076
                                                                RT_MENU0x26bfe00x34cdataFrenchFrance0.45260663507109006
                                                                RT_MENU0x26c32c0x356dataItalianItaly0.4601873536299766
                                                                RT_MENU0x26c6840x2c0dataJapaneseJapan0.5539772727272727
                                                                RT_MENU0x26c9440x2c4dataKoreanNorth Korea0.5706214689265536
                                                                RT_MENU0x26c9440x2c4dataKoreanSouth Korea0.5706214689265536
                                                                RT_MENU0x26cc080x286dataChineseChina0.5479876160990712
                                                                RT_MENU0x26ce900x336data0.46228710462287104
                                                                RT_MENU0x26d1c80x116dataChineseTaiwan0.7086330935251799
                                                                RT_MENU0x26d2e00x20adataGermanGermany0.5268199233716475
                                                                RT_MENU0x26d4ec0x1d2dataEnglishUnited States0.5343347639484979
                                                                RT_MENU0x26d6c00x220dataFrenchFrance0.5055147058823529
                                                                RT_MENU0x26d8e00x1fedataItalianItaly0.515686274509804
                                                                RT_MENU0x26dae00x146dataJapaneseJapan0.7239263803680982
                                                                RT_MENU0x26dc280x144dataKoreanNorth Korea0.7253086419753086
                                                                RT_MENU0x26dc280x144dataKoreanSouth Korea0.7253086419753086
                                                                RT_MENU0x26dd6c0x12edataChineseChina0.7019867549668874
                                                                RT_MENU0x26de9c0x1f4data0.536
                                                                RT_MENU0x26e0900x6adataChineseTaiwan0.7452830188679245
                                                                RT_MENU0x26e0fc0x9cdataGermanGermany0.7115384615384616
                                                                RT_MENU0x26e1980x70dataEnglishUnited States0.75
                                                                RT_MENU0x26e2080x90dataFrenchFrance0.6805555555555556
                                                                RT_MENU0x26e2980x88dataItalianItaly0.7205882352941176
                                                                RT_MENU0x26e3200x78dataJapaneseJapan0.75
                                                                RT_MENU0x26e3980x78dataKoreanNorth Korea0.7833333333333333
                                                                RT_MENU0x26e3980x78dataKoreanSouth Korea0.7833333333333333
                                                                RT_MENU0x26e4100x6adataChineseChina0.7452830188679245
                                                                RT_MENU0x26e47c0x8cdata0.6857142857142857
                                                                RT_MENU0x26e5080x22dataChineseTaiwan1.1764705882352942
                                                                RT_MENU0x26e52c0x4adataGermanGermany0.8378378378378378
                                                                RT_MENU0x26e5780x34dataEnglishUnited States1.0
                                                                RT_MENU0x26e5ac0x3edataFrenchFrance0.9193548387096774
                                                                RT_MENU0x26e5ec0x42dataItalianItaly0.9545454545454546
                                                                RT_MENU0x26e6300x28dataJapaneseJapan1.125
                                                                RT_MENU0x26e6580x24dataKoreanNorth Korea1.1944444444444444
                                                                RT_MENU0x26e6580x24dataKoreanSouth Korea1.1944444444444444
                                                                RT_MENU0x26e67c0x22dataChineseChina1.1764705882352942
                                                                RT_MENU0x26e6a00x3cdata1.0166666666666666
                                                                RT_DIALOG0x26e6dc0x1a6dataChineseTaiwan0.5284360189573459
                                                                RT_DIALOG0x26e8840x1a6dataGermanGermany0.523696682464455
                                                                RT_DIALOG0x26ea2c0x1a6dataEnglishUnited States0.523696682464455
                                                                RT_DIALOG0x26ebd40x1a6dataFrenchFrance0.523696682464455
                                                                RT_DIALOG0x26ed7c0x1a6dataItalianItaly0.523696682464455
                                                                RT_DIALOG0x26ef240x19edataJapaneseJapan0.538647342995169
                                                                RT_DIALOG0x26f0c40x1a6dataKoreanNorth Korea0.5284360189573459
                                                                RT_DIALOG0x26f0c40x1a6dataKoreanSouth Korea0.5284360189573459
                                                                RT_DIALOG0x26f26c0x1a6dataChineseChina0.5260663507109005
                                                                RT_DIALOG0x26f4140x1aedata0.5302325581395348
                                                                RT_DIALOG0x26f5c40x140dataChineseTaiwan0.70625
                                                                RT_DIALOG0x26f7040x1d8dataGermanGermany0.5614406779661016
                                                                RT_DIALOG0x26f8dc0x1cadataEnglishUnited States0.5633187772925764
                                                                RT_DIALOG0x26faa80x1bcdataFrenchFrance0.5968468468468469
                                                                RT_DIALOG0x26fc640x18cdataItalianItaly0.6035353535353535
                                                                RT_DIALOG0x26fdf00x162dataJapaneseJapan0.7457627118644068
                                                                RT_DIALOG0x26ff540x144dataKoreanNorth Korea0.7376543209876543
                                                                RT_DIALOG0x26ff540x144dataKoreanSouth Korea0.7376543209876543
                                                                RT_DIALOG0x2700980x138dataChineseChina0.6987179487179487
                                                                RT_DIALOG0x2701d00x1cedata0.5757575757575758
                                                                RT_DIALOG0x2703a00x2cadataChineseTaiwan0.5714285714285714
                                                                RT_DIALOG0x27066c0x4cedataGermanGermany0.4056910569105691
                                                                RT_DIALOG0x270b3c0x448dataEnglishUnited States0.39507299270072993
                                                                RT_DIALOG0x270f840x4f8dataFrenchFrance0.3977987421383648
                                                                RT_DIALOG0x27147c0x49cdataItalianItaly0.38813559322033897
                                                                RT_DIALOG0x2719180x34edataJapaneseJapan0.5721040189125296
                                                                RT_DIALOG0x271c680x32edataKoreanNorth Korea0.5675675675675675
                                                                RT_DIALOG0x271c680x32edataKoreanSouth Korea0.5675675675675675
                                                                RT_DIALOG0x271f980x2c2dataChineseChina0.5722379603399433
                                                                RT_DIALOG0x27225c0x48edata0.3936535162950257
                                                                RT_STRING0x2726ec0xeedataChineseTaiwan0.5378151260504201
                                                                RT_STRING0x2727dc0x10adataGermanGermany0.5225563909774437
                                                                RT_STRING0x2728e80x104dataEnglishUnited States0.5076923076923077
                                                                RT_STRING0x2729ec0x116dataFrenchFrance0.5215827338129496
                                                                RT_STRING0x272b040x10cdataItalianItaly0.5111940298507462
                                                                RT_STRING0x272c100xfcdataJapaneseJapan0.5674603174603174
                                                                RT_STRING0x272d0c0xf0dataKoreanNorth Korea0.5625
                                                                RT_STRING0x272d0c0xf0dataKoreanSouth Korea0.5625
                                                                RT_STRING0x272dfc0xeedataChineseChina0.542016806722689
                                                                RT_STRING0x272eec0x116data0.5179856115107914
                                                                RT_STRING0x2730040xdeMatlab v4 mat-file (little endian) Gr-N\011g, numeric, rows 0, columns 0ChineseTaiwan0.6891891891891891
                                                                RT_STRING0x2730e40x204Matlab v4 mat-file (little endian) a, numeric, rows 0, columns 0GermanGermany0.4573643410852713
                                                                RT_STRING0x2732e80x1aaMatlab v4 mat-file (little endian) , numeric, rows 0, columns 0EnglishUnited States0.4624413145539906
                                                                RT_STRING0x2734940x20aMatlab v4 mat-file (little endian) n, numeric, rows 0, columns 0FrenchFrance0.4521072796934866
                                                                RT_STRING0x2736a00x1acMatlab v4 mat-file (little endian) n, numeric, rows 0, columns 0ItalianItaly0.4532710280373832
                                                                RT_STRING0x27384c0x116Matlab v4 mat-file (little endian) \3740\3230\3740\205Qn0\2710\2570\3520\3270\3100L0\237S\340Vg0 , numeric, rows 0, columns 0JapaneseJapan0.6438848920863309
                                                                RT_STRING0x2739640x100Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0KoreanNorth Korea0.796875
                                                                RT_STRING0x2739640x100Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0KoreanSouth Korea0.796875
                                                                RT_STRING0x273a640xe0Matlab v4 mat-file (little endian) Gr-N\204v\320g*N\032\201,g\374[\364\201 , numeric, rows 0, columns 0ChineseChina0.6696428571428571
                                                                RT_STRING0x273b440x1a8Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 00.5070754716981132
                                                                RT_STRING0x273cec0x56Matlab v4 mat-file (little endian) \326S\201\211, numeric, rows 0, columns 0ChineseTaiwan0.5348837209302325
                                                                RT_STRING0x273d440x110Matlab v4 mat-file (little endian) \344, numeric, rows 0, columns 0GermanGermany0.41544117647058826
                                                                RT_STRING0x273e540xcaMatlab v4 mat-file (little endian) e, numeric, rows 0, columns 0EnglishUnited States0.45544554455445546
                                                                RT_STRING0x273f200x106Matlab v4 mat-file (little endian) h, numeric, rows 0, columns 0FrenchFrance0.44274809160305345
                                                                RT_STRING0x2740280xfaMatlab v4 mat-file (little endian) e, numeric, rows 0, columns 0ItalianItaly0.384
                                                                RT_STRING0x2741240x8eMatlab v4 mat-file (little endian) \2420\3030\3270\3550\3740\3110Y0\2130\3250\2410\2440\3530\2220x\220\236bW0~0Y0 , numeric, rows 0, columns 0JapaneseJapan0.5
                                                                RT_STRING0x2741b40x7cdataKoreanNorth Korea0.6290322580645161
                                                                RT_STRING0x2741b40x7cdataKoreanSouth Korea0.6290322580645161
                                                                RT_STRING0x2742300x5cMatlab v4 mat-file (little endian) \351b\201\211, numeric, rows 0, columns 0ChineseChina0.4891304347826087
                                                                RT_STRING0x27428c0x138Matlab v4 mat-file (little endian) e, numeric, rows 0, columns 00.4166666666666667
                                                                RT_STRING0x2743c40x52dataChineseTaiwan0.8536585365853658
                                                                RT_STRING0x2744180xaadataGermanGermany0.6
                                                                RT_STRING0x2744c40x98dataEnglishUnited States0.6052631578947368
                                                                RT_STRING0x27455c0xd6dataFrenchFrance0.5373831775700935
                                                                RT_STRING0x2746340xaadataItalianItaly0.5764705882352941
                                                                RT_STRING0x2746e00x70dataJapaneseJapan0.7857142857142857
                                                                RT_STRING0x2747500x58dataKoreanNorth Korea0.8977272727272727
                                                                RT_STRING0x2747500x58dataKoreanSouth Korea0.8977272727272727
                                                                RT_STRING0x2747a80x52dataChineseChina0.8048780487804879
                                                                RT_STRING0x2747fc0xc8data0.54
                                                                RT_ACCELERATOR0x2748c40x80dataEnglishUnited States0.6875
                                                                RT_GROUP_CURSOR0x2749440x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0294117647058822
                                                                RT_GROUP_CURSOR0x2749680x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0
                                                                RT_GROUP_CURSOR0x27498c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                RT_GROUP_ICON0x2749a00x102dataEnglishUnited States0.6046511627906976
                                                                RT_GROUP_ICON0x274aa40xaedataEnglishUnited States0.6206896551724138
                                                                RT_GROUP_ICON0x274b540x84dataEnglishUnited States0.6363636363636364
                                                                RT_VERSION0x274bd80x3c4dataEnglishUnited States0.4221991701244813
                                                                RT_DLGINCLUDE0x274f9c0x6dc36PC bitmap, Windows 3.x format, 56883 x 2 x 44, image size 450345, cbSize 449590, bits offset 540.6995373562579239
                                                                RT_ANIICON0x2e2bd40xe52ePC bitmap, Windows 3.x format, 7462 x 2 x 45, image size 58788, cbSize 58670, bits offset 540.3828532469746037
                                                                RT_ANIICON0x2f11040xadb5PC bitmap, Windows 3.x format, 6091 x 2 x 54, image size 44877, cbSize 44469, bits offset 540.3292181069958848
                                                                RT_ANIICON0x2fbebc0xc408PC bitmap, Windows 3.x format, 6487 x 2 x 36, image size 50833, cbSize 50184, bits offset 540.3397895743663319
                                                                RT_ANIICON0x3082c40x3251cPC bitmap, Windows 3.x format, 26260 x 2 x 36, image size 206180, cbSize 206108, bits offset 540.4970597938944631
                                                                RT_ANIICON0x33a7e00x2d4bfPC bitmap, Windows 3.x format, 23999 x 2 x 52, image size 185728, cbSize 185535, bits offset 540.4973832430538712

                                                                Imports

                                                                DLLImport
                                                                WSOCK32.dllsetsockopt, gethostbyname, htonl, ioctlsocket, htons, WSAStartup, ntohl, WSACleanup
                                                                WININET.dllHttpQueryInfoA
                                                                CRYPT32.dllCertFreeCertificateContext, CertVerifySubjectCertificateContext, CertFindCertificateInStore, CertCreateCertificateContext, CryptGetMessageCertificates, CryptVerifyMessageSignature, CertCloseStore
                                                                VERSION.dllGetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
                                                                WINMM.dllwaveInStop, waveInAddBuffer, waveInStart, waveInGetNumDevs, waveOutGetNumDevs, waveInClose, waveOutGetDevCapsA, waveOutPrepareHeader, waveOutWrite, waveOutReset, waveOutUnprepareHeader, waveInReset, waveInUnprepareHeader, waveInPrepareHeader, waveInOpen, waveInGetDevCapsA, timeGetTime, waveOutClose, waveOutOpen, timeKillEvent, timeSetEvent, timeGetDevCaps, timeBeginPeriod, timeEndPeriod
                                                                KERNEL32.dllGetSystemInfo, GetUserDefaultLangID, ExitThread, GlobalFree, GetFileAttributesA, GetFileAttributesW, LockResource, LoadResource, FindResourceExA, FindResourceExW, GlobalAlloc, CreateThread, GetTimeZoneInformation, GetSystemTime, SystemTimeToFileTime, DeleteFileA, DeleteFileW, MoveFileA, VirtualQuery, RemoveDirectoryA, RemoveDirectoryW, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, ReadFile, WriteFile, GetTempFileNameA, GetTempPathA, GetTempFileNameW, GetTempPathW, SetFilePointer, GetFileSize, GetFileAttributesExA, GetFileAttributesExW, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindClose, GetSystemDirectoryA, GetModuleFileNameA, MoveFileExA, CreateMutexA, ReleaseMutex, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, WaitForSingleObject, WideCharToMultiByte, GlobalUnlock, GlobalLock, IsDBCSLeadByteEx, lstrlenA, SetEndOfFile, CopyFileA, CopyFileW, GetModuleFileNameW, GetCommandLineW, ExitProcess, GetModuleHandleA, GetCommandLineA, GetProcessTimes, GetCurrentProcess, CreateEventA, SetEvent, TlsAlloc, SetThreadPriority, InterlockedIncrement, InterlockedDecrement, ResetEvent, WaitForMultipleObjects, VirtualFree, VirtualAlloc, GetThreadPriority, GetCurrentThread, GetSystemDefaultLangID, FreeLibrary, GetLastError, GetStartupInfoA, CreateProcessA, CloseHandle, LCMapStringW, LCMapStringA, GetTickCount, GetCurrentThreadId, GetLocaleInfoA, SetErrorMode, LoadLibraryA, GetProcAddress, QueryPerformanceCounter, QueryPerformanceFrequency, IsDBCSLeadByte, GetACP, GetCPInfo, MultiByteToWideChar, GetVersionExA, InterlockedExchange, InterlockedCompareExchange, Sleep, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, HeapAlloc, GetProcessHeap, MoveFileW, HeapFree
                                                                USER32.dllGetSubMenu, LoadMenuA, SetTimer, KillTimer, GetClientRect, ScreenToClient, GetCursorPos, SetCursor, LoadCursorA, EndPaint, BeginPaint, GetMenu, DestroyWindow, GetFocus, WindowFromPoint, GetCapture, ReleaseCapture, SetCapture, TrackPopupMenu, ClientToScreen, DeleteMenu, GetMenuItemID, IsWindow, DefWindowProcA, GetWindowLongA, CreateWindowExA, RegisterClipboardFormatA, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, SetClipboardData, EmptyClipboard, InsertMenuA, InsertMenuW, RemoveMenu, GetWindow, UnregisterClassA, LoadStringW, MoveWindow, SetMenu, UpdateWindow, ShowWindow, SetDlgItemTextA, SetDlgItemTextW, EnableWindow, GetDlgItemTextA, GetWindowTextLengthA, DestroyMenu, GetWindowTextLengthW, PostQuitMessage, GetMenuStringA, GetMenuStringW, RegisterClassA, DispatchMessageA, TranslateMessage, TranslateAcceleratorA, GetMessageA, LoadAcceleratorsA, PostThreadMessageA, GetQueueStatus, PeekMessageA, MsgWaitForMultipleObjects, RegisterWindowMessageA, SystemParametersInfoA, DialogBoxIndirectParamW, DialogBoxIndirectParamA, PostMessageA, EndDialog, SetWindowLongA, GetParent, GetWindowRect, GetDesktopWindow, SetWindowPos, LoadIconA, GetDlgItem, SendMessageA, SetWindowTextA, SetFocus, GetMenuItemCount, GetMenuItemInfoA, GetSystemMetrics, InsertMenuItemA, DdeInitializeA, DdeCreateStringHandleA, DdeConnect, DdeClientTransaction, DdeDisconnect, DdeFreeStringHandle, DdeUninitialize, SendInput, GetKeyboardLayout, GetDC, ReleaseDC, GetDoubleClickTime, LoadStringA, EnableMenuItem, CheckMenuItem, InvalidateRect, WaitForInputIdle, MapVirtualKeyA, FillRect, GetKeyState, DialogBoxParamW, DialogBoxParamA, GetDlgItemTextW, MessageBoxA
                                                                GDI32.dllGetTextMetricsA, GetClipRgn, SetTextColor, ExtTextOutW, ExtTextOutA, CreateRectRgn, GetTextAlign, GetBkMode, GetTextColor, EnumFontFamiliesA, SetTextCharacterExtra, BeginPath, EndPage, DPtoLP, FillPath, ExtCreatePen, StrokePath, EndDoc, StartDocA, LPtoDP, CreateSolidBrush, GetClipBox, GetSystemPaletteEntries, CreatePalette, GetTextExtentPoint32A, CreatePen, GetBkColor, SetBkColor, GetCurrentObject, GetTextExtentPoint32W, EndPath, SetPolyFillMode, MoveToEx, LineTo, PolyBezierTo, SelectClipPath, SaveDC, RestoreDC, GdiFlush, DeleteObject, SelectObject, StretchDIBits, SetDIBitsToDevice, CreateCompatibleBitmap, GetObjectA, CreateCompatibleDC, DeleteDC, CreateDIBSection, GetDeviceCaps, BitBlt, RealizePalette, SelectPalette, GetStockObject, CreateFontIndirectA, SetBkMode, SetTextAlign, IntersectClipRect, SelectClipRgn, StartPage
                                                                comdlg32.dllGetOpenFileNameA, PrintDlgA, GetOpenFileNameW, GetSaveFileNameW, CommDlgExtendedError, GetSaveFileNameA
                                                                ADVAPI32.dllRegCloseKey, RegQueryValueExA, RegOpenKeyExA, RegQueryValueExW, RegOpenKeyExW, RegSetValueExA, RegCreateKeyA, RegSetValueA
                                                                SHELL32.dllDragQueryFileA, DragAcceptFiles, SHBrowseForFolderA, SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHAppBarMessage, DragQueryFileW
                                                                ole32.dllCoTaskMemAlloc, CoFreeUnusedLibraries, CoInitialize, CoUninitialize, CoCreateInstance, CoTaskMemFree

                                                                Possible Origin

                                                                Language of compilation systemCountry where language is spokenMap
                                                                EnglishUnited States
                                                                ChineseTaiwan
                                                                GermanGermany
                                                                FrenchFrance
                                                                ItalianItaly
                                                                JapaneseJapan
                                                                KoreanNorth Korea
                                                                KoreanSouth Korea
                                                                ChineseChina

                                                                Network Behavior

                                                                Suricata IDS Alerts

                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                2024-12-17T20:19:41.574350+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert1104.161.43.182845192.168.2.949770TCP

                                                                Network Port Distribution

                                                                TCP Packets

                                                                TimestampSource PortDest PortSource IPDest IP
                                                                Dec 17, 2024 20:19:40.118448019 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:40.239897013 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:40.240039110 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:40.240241051 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:40.360522032 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:41.445513010 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:41.450052023 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:41.574350119 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:41.837095976 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:41.845809937 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:41.965909958 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.237782001 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.237823009 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.237953901 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.238044977 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.238054991 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.238066912 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.238082886 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.238095045 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.238112926 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.238123894 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.238125086 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.238125086 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.238214016 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.246397972 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.246408939 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.246516943 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.252372026 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.252430916 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.359627962 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.359683990 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.359740973 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.430195093 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.430421114 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.430547953 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.433950901 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.435514927 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.435595036 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.436602116 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.443123102 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.443200111 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.443301916 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.450930119 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.451023102 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.451054096 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.458762884 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.458884954 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.458925962 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.466790915 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.466835022 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.466850042 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.474504948 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.474543095 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.474576950 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.482770920 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.482846975 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.482865095 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.490272045 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.490309954 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.490350008 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.498053074 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.498122931 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.498164892 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.506341934 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.506380081 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.506498098 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.512684107 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.512742996 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.512752056 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.557610989 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.621720076 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.621805906 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.621882915 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.623158932 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.623280048 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.623342991 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.628088951 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.628248930 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.628307104 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.631958961 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.632139921 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.632199049 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.636683941 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.636769056 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.636871099 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.641599894 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.641748905 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.641927958 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.646106005 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.646249056 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.646374941 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.650532007 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.650640965 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.650908947 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.655092001 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.655181885 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.655353069 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.659535885 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.659634113 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.659708977 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.664006948 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.664129019 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.664194107 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.668514967 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.668656111 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.668720961 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.673098087 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.673134089 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.673194885 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.677536011 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.677664042 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.678003073 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.682013035 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.682190895 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.682243109 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.686461926 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.686608076 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.686705112 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.690989971 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.691107035 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.691184998 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.695482969 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.695621014 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.695707083 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.700032949 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.700191975 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.700248957 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.704577923 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.704649925 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.704693079 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.709022999 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.709064007 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.709326982 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.713466883 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.713587999 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.713679075 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.718096972 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.718249083 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.718342066 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.722518921 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.722661972 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.722769022 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.726888895 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.773689985 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.814770937 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.814907074 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.815201044 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.816648960 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.816735983 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.816864967 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.820662022 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.820760012 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.820909023 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.824006081 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.824130058 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.824196100 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.827584028 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.827771902 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.827821970 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.831165075 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.831239939 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.831290007 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.834512949 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.834635019 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.834686041 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.838135958 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.838197947 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.838315010 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.841193914 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.841209888 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.841248989 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.844459057 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.844569921 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.844708920 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.847626925 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.847733021 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.847795963 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.850754976 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.850852966 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.850908995 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.853920937 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.853997946 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.854044914 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.857153893 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.857323885 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.857386112 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.859997988 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.860322952 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.860400915 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.863023043 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.863104105 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.863173962 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.866091967 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.866228104 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.866276026 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.869167089 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.869275093 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.869415998 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.872200012 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.872276068 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.872360945 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.875813961 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.875945091 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.876585960 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.878513098 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.878576994 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.878856897 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.881369114 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.881486893 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.881601095 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.884485960 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.884618998 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.884691954 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.887641907 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.887701035 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.887890100 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.890573978 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.890712023 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.890929937 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.893719912 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.893884897 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.893922091 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.896692991 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.896794081 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.896835089 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.899741888 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.899862051 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.899970055 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.903033972 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.903079987 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.903258085 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.905899048 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.906025887 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.906071901 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.909058094 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.909162045 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.909214973 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.912077904 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.912178993 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.913249969 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.915082932 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.915247917 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.915338039 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.918272018 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.918365955 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.918463945 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.921227932 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.921461105 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.922004938 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:42.924376965 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:42.964920044 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.058523893 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.058542013 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.058628082 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.058976889 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.058990002 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.059056997 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.061471939 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.061485052 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.061533928 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.063229084 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.063548088 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.063709021 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.065520048 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.065578938 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.065654993 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.067265987 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.067446947 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.067512989 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.068036079 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.068141937 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.068188906 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.069977999 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.070120096 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.070198059 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.071904898 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.072160006 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.072344065 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.073807955 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.073962927 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.074067116 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.075685978 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.075784922 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.077336073 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.077698946 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.077811003 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.077886105 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.079586983 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.079651117 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.079705954 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.085052013 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.085071087 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.085086107 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.085098028 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.085119963 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.085167885 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.086863041 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.087224007 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.087307930 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.088692904 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.088871956 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.088963032 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.090626001 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.090826035 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.090982914 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.092597008 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.092761040 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.094502926 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.094523907 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.094666004 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.096532106 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.096545935 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.096592903 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.098345995 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.098524094 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.098592043 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.099188089 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.099268913 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.099315882 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.101658106 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.101773977 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.101860046 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.102961063 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.103112936 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.103307009 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.104957104 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.105145931 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.105247974 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.107055902 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.107187986 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.107887030 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.108815908 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.108880997 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.109273911 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.110702038 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.110901117 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.112675905 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.112776041 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.112785101 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.113500118 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.114686012 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.114737988 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.114860058 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.116800070 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.116919041 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.118496895 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.118561029 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.118607044 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.119929075 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.120467901 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.120522976 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.120644093 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.122457981 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.122478008 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.122886896 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.124279022 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.124490023 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.124663115 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.126272917 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.126409054 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.126509905 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.128236055 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.128351927 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.128434896 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.130289078 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.130331993 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.130503893 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.132111073 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.132179022 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.132348061 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.134404898 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.134417057 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.134459972 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.135979891 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.135992050 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.136030912 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.137846947 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.137912989 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.138041019 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.139832973 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.139883041 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.139997005 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.141982079 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.142035007 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.142334938 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.143707037 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.143774986 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.143851042 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.145663977 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.145701885 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.145761013 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.147572041 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.147721052 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.147789955 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.149535894 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.149682999 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.149749994 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.151531935 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.151635885 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.152410984 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.153456926 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.153548002 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.153609991 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.155350924 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.155363083 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.155406952 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.157311916 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.157351971 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.157402992 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.249360085 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.249495029 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.249593019 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.250303984 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.250392914 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.250610113 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.252203941 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.252243996 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.252305984 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.254118919 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.254231930 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.254726887 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.256007910 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.256078005 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.257846117 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.257900000 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.257913113 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.258698940 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.259835958 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.259968996 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.260250092 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.261521101 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.261845112 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.262289047 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.263550997 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.263703108 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.263756990 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.265327930 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.265408039 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.265547037 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.266827106 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.266902924 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.266969919 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.268502951 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.268605947 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.270410061 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.270467997 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.270499945 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.270725965 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.271914005 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.272038937 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.272155046 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.273660898 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.273674965 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.273753881 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.275330067 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.275403023 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.275530100 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.276953936 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.277009010 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.277069092 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.278635979 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.278755903 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.280380964 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.280530930 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.280553102 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.281927109 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.281977892 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.282046080 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.282099962 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.283489943 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.283617020 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.283715010 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.285056114 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.285137892 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.285248041 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.286576986 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.286649942 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.286704063 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.288161039 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.288352013 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.288423061 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.292329073 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.292397976 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.292411089 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.292454958 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.292458057 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.292555094 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.293111086 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.293150902 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.293195009 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.294369936 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.294500113 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.294567108 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.295893908 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.296044111 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.296232939 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.297481060 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.297744989 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.297806025 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.299158096 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.299237013 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.299336910 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.300653934 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.300704956 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.302238941 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.302289963 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.302362919 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.302756071 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.303644896 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.303709030 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.303905964 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.305208921 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.305310011 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.305720091 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.306756020 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.306821108 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.306895018 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.308413982 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.308562040 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.309889078 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.309946060 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.310033083 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.310704947 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.311331987 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.311481953 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.311552048 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.312890053 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.313008070 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.313106060 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.314562082 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.314694881 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.314739943 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.316035032 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.316205025 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.316324949 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.317712069 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.317861080 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.317959070 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.319303989 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.319381952 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.319453955 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.320616961 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.320628881 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.320712090 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.322194099 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.322293043 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.322701931 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.323656082 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.323762894 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.323961973 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.325469971 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.325506926 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.325582981 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.326816082 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.326854944 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.326909065 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.328284979 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.328438044 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.328511953 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.329926014 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.330015898 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.330070019 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.331428051 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.331561089 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.331628084 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.333172083 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.333467960 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.333923101 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.334616899 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.383101940 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.441368103 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.441445112 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.441961050 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.442106962 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.442177057 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.442291021 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.442341089 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.443425894 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.443522930 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.443594933 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.444593906 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.444710970 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.444710970 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.445914984 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.445972919 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.446049929 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.447251081 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.447299957 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.447349072 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.448592901 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.448652983 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.448754072 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.449803114 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.449862957 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.449892998 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.451112032 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.451193094 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.451245070 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.452408075 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.452609062 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.452685118 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.453943968 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.454021931 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.454113007 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.455159903 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.455296993 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.455360889 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.456605911 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.456657887 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.456701994 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.457814932 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.457912922 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.457969904 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.459178925 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.459194899 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.460367918 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.460414886 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.460458994 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.460501909 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.461574078 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.461647987 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.461786985 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.462867022 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.462985039 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.463076115 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.464184046 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.464243889 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.464334011 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.465490103 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.465540886 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.465622902 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.466800928 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.466923952 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.466969967 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.468632936 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.468658924 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.468727112 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.469381094 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.469547033 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.469640017 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.470679045 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.470807076 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.470925093 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.472003937 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.472098112 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.472223043 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.473329067 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.473385096 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.473473072 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.474505901 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.474594116 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.474628925 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.475553989 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.475739956 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.475913048 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.476865053 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.476974964 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.477029085 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.478177071 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.478247881 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.478322983 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.479422092 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.479434967 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.479465008 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.480495930 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.480568886 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.480626106 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.481697083 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.481749058 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.481750011 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.482867956 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.482939959 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.482968092 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.484026909 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.484078884 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.484085083 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.485469103 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.485559940 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.485635996 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.486567974 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.486654997 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.486742973 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.487629890 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.487736940 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.487740040 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.488662958 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.488729000 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.488852978 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.490098000 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.490226030 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.490255117 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.490936041 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.490955114 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.490999937 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.492342949 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.492443085 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.492475986 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.493716955 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.493824005 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.494234085 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.494961977 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.495043039 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.495146990 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.496093035 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.496196032 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.496277094 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.497200966 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.497215033 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.497262955 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.498172998 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.498214006 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.498259068 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.499258995 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.499327898 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.499406099 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.500222921 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.500335932 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.500401020 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.501353025 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.501470089 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.501478910 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.502374887 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.502437115 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.502499104 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.503444910 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.503537893 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.503565073 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.504511118 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.504549980 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.504570007 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.554969072 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.633475065 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.633757114 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.633877993 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.634071112 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.634291887 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.634397030 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.635145903 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.635231972 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.635292053 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.636306047 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.636379004 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.636455059 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.637254000 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.637918949 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.637989998 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.638619900 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.638807058 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.639691114 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.639853001 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.639940023 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.640851974 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.640919924 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.640991926 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.641148090 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.641897917 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.642936945 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.642991066 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.643012047 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.643064976 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.643119097 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.644089937 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.645102024 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.645143986 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.645306110 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.645318985 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.645380020 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.646337032 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.646478891 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.646538973 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.647408962 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.647625923 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.647952080 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.648530006 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.648868084 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.648967981 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.649607897 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.649913073 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.650028944 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.650747061 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.650808096 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.650852919 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.651875019 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.651932955 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.652000904 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.653011084 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.653083086 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.654160976 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.654226065 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.654249907 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.654709101 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.655221939 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.655513048 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.655569077 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.656382084 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.656781912 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.656857014 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.657494068 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.657730103 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.657778025 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.658581018 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.658664942 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.659775972 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.659842014 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.659898043 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.659943104 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.660794973 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.660953999 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.661036968 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.661941051 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.662102938 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.662259102 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.663039923 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.663244009 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.663393974 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.664278030 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.664335012 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.664583921 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.665313959 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.665775061 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.665826082 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.666402102 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.666846991 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.666908979 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.667556047 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.667567968 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.667615891 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.668682098 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.669173002 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.669272900 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.669995070 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.670293093 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.670490980 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.671116114 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.671334028 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.671382904 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.672262907 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.672868967 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.673082113 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.673496962 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.673697948 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.673866034 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.674678087 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.675029993 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.675133944 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.675918102 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.675976038 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.676117897 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.677018881 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.677475929 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.677541971 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.678044081 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.678229094 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.678774118 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.679096937 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.679480076 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.680200100 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.680318117 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.680639029 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.681197882 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.681287050 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.681526899 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.681657076 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.682224989 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.682360888 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.682528973 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.683578968 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.684736967 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.684808969 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.684986115 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.684998035 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.685041904 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.686136961 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.686393023 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.686716080 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.687290907 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.687628031 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.688122034 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.688236952 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.688328981 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.689312935 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.689429045 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.689615965 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.689717054 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.690529108 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.690666914 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.690728903 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.691582918 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.691601992 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.691705942 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.692606926 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.742527008 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.833235979 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.833301067 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.833452940 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.833821058 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.833875895 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.833928108 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.834619045 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.834753036 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.835653067 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.835731030 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.835803986 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.836218119 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.836818933 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.836894035 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.836941004 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.837892056 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.838031054 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.838274002 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.839075089 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.839128971 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.839196920 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.840142012 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.840274096 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.841275930 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.841334105 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.841391087 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.842479944 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.842538118 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.842643976 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.842730999 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.843667030 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.843734980 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.843842983 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.844620943 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.844758987 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.845074892 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.845845938 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.845980883 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.846116066 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.846951008 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.847143888 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.847249031 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.848058939 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.848130941 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.848498106 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.849184036 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.849842072 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.850238085 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.850302935 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.850457907 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.850699902 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.851402998 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.851461887 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.851543903 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.852521896 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.852710009 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.852781057 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.853838921 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.853982925 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.854706049 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.854876995 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.855570078 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.855968952 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.856026888 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.856026888 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.856997013 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.857073069 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.857364893 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.857430935 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.858244896 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.858649969 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.858741999 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.859220982 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.859369993 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.860346079 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.860446930 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.860472918 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.861490011 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.861577988 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.861798048 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.862559080 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.862634897 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.862891912 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.863193035 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.863711119 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.863991022 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.864042997 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.864852905 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.864960909 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.865946054 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.865992069 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.866571903 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.866725922 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.867079973 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.867866039 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.867923975 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.868226051 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.868238926 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.869330883 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.869383097 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.869662046 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.870479107 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.870491982 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.870556116 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.870556116 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.871598959 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.871680021 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.871932030 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.872669935 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.872869015 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.873914957 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.873986006 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.874288082 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.874733925 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.874975920 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.874989986 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.875031948 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.875847101 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.875930071 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.876080036 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.876543045 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.876614094 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.877208948 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.877219915 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.877278090 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.878369093 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.878508091 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.878705025 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.879520893 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.879669905 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.880570889 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.880585909 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.880770922 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.880819082 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.881692886 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.882080078 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.882730961 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.882855892 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.883187056 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.883255959 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.884035110 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.885139942 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.885152102 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.885205984 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.885298967 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.885359049 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.886245012 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.887161970 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.887368917 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.887379885 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.887423992 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.887502909 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.888408899 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.888586998 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.889740944 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.889897108 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.890122890 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.890221119 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.890820980 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.890834093 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.890960932 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.891760111 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:43.899341106 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:43.899379015 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.028870106 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.028887033 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.028975010 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.029405117 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.029417992 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.029474020 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.030363083 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.030376911 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.030417919 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.031536102 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.031625032 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.031972885 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.032505035 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.033103943 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.033219099 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.033257008 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.033396006 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.033607960 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.034274101 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.034492970 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.034538984 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.035368919 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.035474062 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.035548925 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.036564112 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.036691904 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.037272930 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.037621975 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.037892103 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.038002968 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.038826942 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.038841009 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.038892031 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.039880037 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.040188074 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.040302038 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.041265011 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.041277885 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.041323900 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.042128086 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.042140007 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.042216063 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.043191910 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.043612957 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.044239044 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.044485092 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.044624090 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.044893026 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.045768976 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.045782089 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.045824051 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.046694040 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.046828032 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.046961069 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.047665119 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.047679901 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.047729015 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.049036980 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.049050093 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.049098969 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.050205946 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.050220013 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.050270081 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.051116943 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.051359892 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.051409960 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.052299023 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.052310944 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.052362919 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.053638935 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.053652048 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.054563999 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.054578066 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.054626942 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.054626942 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.055982113 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.055995941 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.056058884 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.056730032 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.056744099 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.056799889 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.057817936 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.057830095 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.057883024 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.059005022 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.059017897 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.059087992 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.060229063 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.060241938 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.060297012 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.061347961 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.061359882 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.061403036 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.062508106 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.062789917 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.063069105 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.063618898 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.063637018 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.064090967 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.064836979 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.065325022 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.065375090 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.065903902 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.066061974 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.066103935 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.066939116 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.066951990 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.067043066 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.067985058 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.067997932 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.068068981 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.069283009 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.070256948 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.070597887 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.070610046 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.070660114 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.070689917 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.071721077 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.072299957 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.072412014 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.072698116 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.072801113 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.072839975 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.073883057 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.073905945 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.074011087 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.075006962 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.075018883 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.075067043 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.076159954 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.076172113 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.076217890 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.077121973 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.077475071 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.077873945 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.078001022 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.078254938 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.078805923 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.079193115 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.079205036 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.079261065 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.080302000 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.080312967 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.080359936 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.081382036 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.082050085 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.082098961 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.082621098 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.082633018 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.082736015 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.083700895 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.083712101 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.084367037 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.084789991 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.085582972 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.085668087 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.086029053 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.086410999 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.086821079 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.086996078 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.133153915 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.219928026 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.219995022 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.220088959 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.220244884 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.220371008 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.220436096 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.221508026 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.222227097 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.222805977 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.222938061 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.222951889 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.222984076 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.223855019 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.223871946 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.223970890 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.224765062 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.225559950 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.225857019 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.225868940 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.225922108 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.225965023 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.227154016 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.227818012 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.227885962 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.228375912 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.228389978 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.228431940 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.229309082 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.229355097 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.229398012 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.230638027 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.231286049 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.231339931 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.231730938 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.231818914 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.231869936 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.232594967 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.232609987 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.232666016 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.233820915 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.233834982 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.233927011 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.234998941 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.235104084 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.235236883 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.236071110 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.236124992 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.236269951 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.237145901 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.237374067 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.237469912 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.238289118 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.238558054 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.238698006 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.239284992 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.239892960 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.240395069 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.240458965 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.240528107 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.240566969 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.241554022 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.241569042 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.241640091 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.242640018 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.242734909 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.243172884 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.243849993 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.243864059 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.244014025 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.245048046 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.245104074 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.246062040 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.246129990 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.246154070 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.246232033 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.247159004 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.247678995 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.247921944 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.248316050 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.248719931 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.248771906 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.249501944 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.249579906 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.250631094 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.250686884 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.250782013 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.251735926 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.251792908 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.251828909 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.251868010 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.252780914 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.252957106 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.253988981 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.254030943 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.254380941 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.254443884 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.255358934 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.255595922 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.255660057 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.256220102 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.256273985 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.256468058 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.257457972 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.258080006 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.258366108 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.258661032 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.258688927 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.258732080 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.259561062 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.259928942 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.260000944 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.260628939 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.261058092 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.261168003 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.261693001 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.261714935 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.261746883 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.262589931 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.262640953 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.263027906 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.263044119 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.263091087 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.264045954 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.264173985 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.264215946 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.265115023 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.265249014 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.265409946 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.266263962 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.266906977 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.266974926 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.267350912 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.267600060 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.267671108 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.268521070 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.268801928 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.268845081 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.269603968 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.269895077 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.269937992 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.270706892 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.270956039 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.271003962 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.271909952 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.272238970 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.272341967 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.272973061 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.273021936 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.273062944 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.274110079 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.274153948 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.274296999 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.275367975 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.275379896 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.275530100 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.276479959 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.276523113 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.276612043 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.277498007 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.277510881 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.277553082 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.278636932 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.303879976 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.303879976 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.412570000 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.412775040 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.412815094 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.412966967 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.413356066 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.413392067 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.415433884 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.415447950 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.415481091 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.415491104 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.415493965 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.415524960 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.416249990 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.416264057 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.416315079 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.417459011 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.417471886 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.417519093 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.418518066 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.418534994 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.418566942 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.419656038 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.419667959 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.419734001 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.420766115 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.420778036 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.420830011 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.421794891 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.422180891 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.422218084 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.422919989 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.423218966 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.423336029 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.424216986 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.425232887 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.425244093 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.425314903 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.425334930 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.425374985 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.426470995 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.427293062 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.427335024 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.427772045 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.427784920 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.427835941 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.429022074 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.429389954 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.429506063 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.429997921 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.430161953 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.430192947 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.432812929 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.432895899 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.432908058 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.432966948 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.432987928 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.433077097 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.433530092 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.433655024 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.433767080 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.434705973 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.435170889 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.435206890 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.435698986 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.436130047 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.436201096 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.436901093 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.437160969 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.437345982 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.438013077 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.438540936 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.438586950 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.439380884 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.439393044 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.439620972 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.440269947 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.440283060 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.440337896 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.441958904 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.441971064 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.442081928 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.442483902 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.442496061 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.442565918 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.443345070 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.444289923 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.444329977 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.444344997 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.444358110 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.444391012 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.445492983 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.445966959 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.446036100 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.446579933 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.446808100 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.446841002 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.447578907 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.448168993 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.448462963 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.448738098 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.448803902 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.448892117 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.450229883 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.450242043 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.450284958 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.450957060 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.451360941 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.451428890 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.452255011 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.452874899 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.452928066 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.453363895 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.453375101 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.453413010 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.454699993 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.455513954 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.455557108 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.455576897 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.455666065 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.455744028 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.456617117 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.457164049 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.457278013 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.457854986 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.457999945 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.458043098 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.459037066 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.459475994 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.459588051 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.459937096 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.460158110 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.460194111 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.461179972 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.461580038 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.461616039 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.462462902 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.463181973 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.463259935 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.463259935 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.463968992 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.464032888 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.464557886 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.464570999 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.464690924 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.465610981 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.466059923 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.466135979 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.466691971 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.466862917 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.466926098 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.467794895 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.467962027 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.468053102 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.469322920 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.469336033 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.469388008 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.470170975 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.470184088 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.470225096 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.471380949 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.523763895 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.604432106 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.604902029 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.604938984 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.605034113 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.605453014 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.605503082 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.605504990 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.606697083 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.606709003 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.606749058 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.607572079 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.607614994 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.607952118 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.608793020 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.608834982 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.609031916 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.609896898 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.609998941 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.610019922 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.610953093 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.611134052 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.611377954 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.612096071 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.612162113 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.612564087 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.612993956 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.613136053 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.613424063 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.614116907 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.614151955 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.614417076 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.615171909 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.615183115 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.615199089 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.616660118 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.616672039 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.616709948 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.617472887 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.617485046 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.617507935 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.618572950 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.618617058 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.619071007 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.619649887 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.619664907 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.619684935 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.620882988 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.620898008 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.620918036 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.622039080 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.622054100 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.622091055 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.623181105 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.623234034 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.623274088 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.624275923 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.624335051 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.624752045 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.625379086 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.625664949 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.625709057 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.626368046 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.626415968 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.626446962 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.627523899 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.627537012 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.627820015 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.628565073 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.628606081 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.628907919 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.629745960 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.629854918 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.629868984 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.630872011 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.630964041 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.631206989 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.632163048 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.632246017 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.632476091 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.633136988 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.633189917 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.633843899 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.634188890 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.634227037 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.634836912 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.635375023 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.635389090 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.635421991 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.636442900 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.636514902 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.637523890 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.637538910 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.637571096 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.637660027 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.638658047 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.638724089 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.638778925 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.639770031 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.639781952 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.639822960 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.641087055 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.641098976 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.641159058 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.642103910 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.642148018 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.642693043 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.643501997 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.643517017 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.643573999 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.644453049 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.644474983 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.645580053 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.645598888 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.645939112 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.645958900 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.646687031 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.646698952 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.646760941 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.647720098 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.647732973 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.647752047 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.649286032 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.649333954 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.649502039 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.649888039 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.649940014 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.649972916 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.651367903 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.651380062 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.651535988 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.652303934 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.652376890 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.652846098 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.653286934 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.653299093 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.653408051 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.654572010 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.654584885 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.654616117 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.655778885 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.655791044 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.655878067 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.656994104 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.657098055 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.657155991 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.657855034 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.657896996 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.657983065 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.658921957 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.658935070 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.658998013 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.660084963 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.660096884 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.660217047 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.661478996 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.661489964 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.661531925 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.662575960 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.662623882 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.662655115 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.711210966 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.796366930 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.796796083 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.796897888 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.796938896 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.796952009 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.797039986 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.798052073 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.798698902 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.799202919 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.799344063 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.800017118 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.800169945 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.800421953 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.800874949 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.800915956 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.801424026 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.801465988 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.801503897 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.802594900 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.802649975 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.802687883 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.803699017 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.803711891 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.803749084 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.805037975 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.805304050 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.805366039 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.805937052 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.806536913 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.806622982 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.807164907 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.807301998 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.807351112 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.808479071 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.808490992 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.808574915 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.809282064 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.809674978 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.809731007 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.810467958 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.810908079 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.810991049 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.811614037 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.812294960 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.812333107 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.812623024 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.812714100 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.812764883 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.813776970 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.815084934 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.815176964 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.817914009 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.817928076 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.817940950 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.817960978 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.818439960 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.818665981 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.818708897 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.818722963 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.818823099 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.819503069 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.819659948 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.819689989 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.819700003 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.819701910 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.819885969 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.820683956 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.820697069 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.820765972 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.821625948 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.822139978 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.822175026 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.822850943 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.823301077 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.823379040 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.824119091 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.824131966 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.824167013 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.825076103 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.825337887 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.825392008 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.826529026 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.826540947 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.826582909 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.827347994 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.827361107 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.827521086 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.828752041 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.828763962 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.828854084 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.829906940 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.829919100 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.829981089 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.831052065 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.831520081 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.831618071 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.832001925 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.832324982 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.832437038 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.833098888 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.833405018 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.833554029 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.834327936 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.834498882 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.834538937 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.835604906 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.835618973 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.835830927 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.836592913 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.836605072 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.836683989 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.837697029 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.838481903 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.838526011 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:44.839828968 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:44.883076906 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.020073891 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020092964 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020104885 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020117044 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020131111 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020136118 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020148039 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020159006 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020165920 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020170927 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020178080 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020184994 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020196915 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020207882 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020220995 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020245075 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020256042 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020297050 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020308018 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020314932 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.020320892 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020332098 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020370960 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020381927 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020435095 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020446062 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020483017 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020499945 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020538092 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020548105 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020551920 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.020551920 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.020593882 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.020675898 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.020675898 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.021997929 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022011042 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022022963 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022034883 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022046089 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022057056 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022062063 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.022063017 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022075891 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022088051 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022100925 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022125006 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.022129059 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022140980 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022152901 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022155046 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.022164106 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022175074 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022183895 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.022185087 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022198915 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022209883 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022222042 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022233009 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022243977 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022253990 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022254944 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.022267103 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022278070 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022305965 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022317886 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022327900 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022340059 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022351027 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022361994 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022372961 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022383928 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022394896 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022407055 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022411108 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.022411108 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.022418022 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022429943 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022442102 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022454023 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022464037 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022475958 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022475958 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.022475958 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.022490025 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022501945 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022512913 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022524118 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022533894 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022536993 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.022536993 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.022546053 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022557020 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022567987 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022573948 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.022578955 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022591114 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022602081 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022614956 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022625923 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022639990 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022640944 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.022640944 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.022651911 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022685051 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.022685051 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.022849083 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.022944927 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.023240089 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.023607969 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.023694992 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.024286032 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.024943113 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.025008917 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.025358915 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.025857925 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.025914907 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.026546001 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.026731014 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.026757002 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.026854992 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.026854992 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.027609110 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.027713060 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.027826071 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.028753042 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.029011965 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.030122042 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.030136108 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.030163050 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.030220985 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.031049013 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.031382084 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.031464100 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.040795088 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.040795088 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.045818090 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.045830965 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.045887947 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.054378033 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.057712078 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.057905912 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.104258060 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.104258060 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.119342089 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.119363070 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.119379997 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.119807005 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.120524883 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.120537043 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.120548010 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.120610952 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.120610952 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.120683908 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.121690989 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.121704102 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.121715069 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.121804953 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.121804953 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.123985052 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.123996973 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.124006987 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.124113083 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.124830961 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.124842882 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.124851942 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.124905109 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.124905109 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.126132965 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.126144886 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.126158953 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.126275063 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.127671003 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.129343033 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.129354000 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.129400969 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.129400969 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.130590916 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.130601883 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.131331921 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.131764889 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.133007050 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.133713961 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.134507895 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.134520054 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.134656906 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.135514975 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.137039900 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.137109995 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.138094902 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.153217077 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.153264999 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.184695959 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.185014009 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.185245037 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.185270071 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.185973883 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.186124086 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.186441898 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.186594009 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.186645031 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.187753916 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.187767029 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.187830925 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.188777924 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.188788891 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.188880920 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.189886093 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.189897060 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.189951897 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.190948963 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.190960884 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.191085100 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.192472935 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.192485094 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.192586899 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.193211079 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.193223000 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.193630934 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.194292068 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.195379019 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.195390940 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.195403099 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.195447922 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.197050095 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.197062969 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.197160959 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.197772980 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.197921991 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.198049068 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.198774099 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.198923111 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.198980093 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.200099945 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.200112104 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.200191975 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.201045036 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.201450109 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.201595068 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.202126026 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.202555895 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.202872038 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.203216076 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.203228951 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.203340054 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.204406023 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.204420090 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.204510927 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.205506086 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.205569983 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.206126928 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.207158089 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.207274914 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.207338095 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.208203077 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.208214998 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.208261967 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.209410906 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.210256100 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.210269928 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.210315943 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.210525990 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.210671902 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.211323977 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.211704969 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.211761951 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.212414026 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.212548018 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.212632895 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.213468075 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.213479996 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.213532925 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.214509964 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.215292931 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.215357065 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.215845108 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.215857983 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.215924025 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.216872931 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.217006922 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.217073917 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.217931032 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.218264103 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.218311071 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.219013929 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.219878912 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.219930887 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.220020056 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.220211029 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.220276117 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.221144915 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.221637964 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.221704006 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.222265959 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.222899914 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.222946882 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.223416090 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.223428965 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.223488092 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.224548101 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.224663019 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.224770069 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.225786924 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.225981951 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.226070881 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.226780891 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.226923943 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.226991892 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.227344036 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.227344036 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.227977991 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.227989912 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.228049040 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.229070902 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.229845047 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.229904890 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.230077982 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.230192900 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.230272055 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.231208086 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.231628895 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.231676102 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.232379913 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.232584000 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.232630968 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.233639956 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.233983994 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.234251022 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.234813929 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.235608101 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.235925913 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.235938072 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.236109018 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.236109018 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.237236977 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.237421989 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.237518072 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.238498926 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.238558054 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.238606930 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.239401102 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.239413977 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.239505053 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.240446091 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.240463018 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.240542889 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.241405010 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.241417885 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.241480112 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.242479086 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.242496967 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.242692947 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.243585110 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.259109020 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.263233900 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.383958101 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.383986950 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.384049892 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.384654999 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.385034084 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.385557890 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.385571003 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.385603905 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.385603905 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.386444092 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.386456966 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.386666059 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.387769938 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.388169050 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.388202906 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.388406038 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.388782024 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.388896942 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.389344931 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.389590025 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.389630079 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.390111923 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.390249968 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.390554905 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.390970945 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.391365051 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.391906977 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.391921043 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.392036915 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.392036915 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.392837048 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.393426895 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.393486023 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.393898964 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.394196033 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.394248009 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.394952059 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.395030022 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.395106077 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.395853996 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.396169901 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.396625996 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.397170067 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.397456884 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.397511959 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.398022890 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.398814917 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.398907900 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.399043083 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.399056911 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.399107933 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.400154114 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.400458097 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.400553942 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.401349068 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.401540041 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.401618004 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.402276993 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.402688980 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.402766943 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.403448105 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.403564930 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.403604031 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.404583931 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.404597044 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.404633999 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.405626059 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.405638933 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.405679941 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.406712055 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.407361984 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.407810926 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.407824039 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.407865047 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.407865047 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.408852100 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.408864975 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.409456968 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.409939051 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.409950018 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.409991980 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.410996914 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.411010027 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.411320925 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.411911964 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.412131071 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.412205935 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.412975073 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.413192034 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.413248062 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.413985968 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.414124966 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.414227962 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.415107012 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.415806055 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.415868044 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.416168928 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.416227102 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.416433096 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.417174101 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.417424917 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.417515039 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.418232918 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.418373108 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.418456078 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.419302940 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.419426918 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.419677973 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.420361996 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.420496941 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.420587063 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.421426058 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.422285080 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.422347069 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.422580004 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.423700094 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.423713923 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.423782110 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.423949003 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.424175978 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.424890995 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.424904108 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.425257921 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.425682068 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.425803900 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.426996946 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.427021980 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.427087069 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.427151918 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.427856922 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.427959919 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.428226948 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.428945065 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.428956985 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.429280996 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.430298090 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.430310011 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.430372000 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.431103945 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.431117058 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.431233883 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.432224035 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.432250977 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.432555914 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.433252096 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.433264971 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.433310032 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.434328079 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.434520006 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.434719086 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.435440063 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.435570955 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.435885906 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.436386108 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.436618090 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.437081099 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.437613964 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.437685966 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.437804937 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.438488960 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.492490053 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.601322889 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.601339102 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.601623058 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.601846933 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.602166891 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.602787971 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.602900982 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.602973938 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.603962898 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.604043961 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.604137897 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.605267048 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.605279922 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.605446100 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.606349945 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.606515884 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.606666088 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.607234001 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.607412100 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.607949972 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.608333111 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.608422041 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.609431028 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.609445095 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.609563112 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.609563112 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.610387087 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.610485077 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.610573053 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.611382961 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.611476898 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.611635923 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.612433910 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.612476110 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.613533974 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.613720894 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.613770008 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.614702940 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.614716053 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.614881039 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.614881039 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.615895987 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.615909100 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.616120100 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.616760969 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.617007971 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.617647886 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.617885113 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.618418932 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.618558884 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.618969917 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.618983984 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.619086981 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.619945049 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.619978905 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.620057106 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.621078968 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.621352911 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.622072935 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.622096062 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.622452021 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.622570038 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.623327971 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.623339891 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.623471022 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.624274015 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.624286890 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.624366045 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.625408888 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.625421047 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.625650883 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.626421928 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.626432896 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.626481056 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.627583027 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.627595901 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.627644062 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.628596067 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.628673077 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.628938913 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.629690886 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.629703045 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.629786015 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.630661964 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.630851030 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.630908012 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.631823063 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.631835938 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.632011890 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.632708073 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.632870913 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.632921934 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.633904934 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.633917093 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.634074926 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.635016918 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.635075092 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.635169029 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.635957003 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.636035919 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.636081934 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.637111902 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.637168884 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.637345076 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.638179064 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.638191938 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.638530970 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.639260054 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.639271975 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.639331102 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.640258074 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.640270948 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.640312910 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.641299963 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.641350031 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.641433001 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.642345905 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.642400980 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.642476082 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.643476009 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.643609047 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.643655062 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.644485950 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.644586086 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.644890070 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.645539045 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.645601034 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.646598101 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.646656990 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.646672964 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.646827936 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.647681952 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.647696018 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.647773027 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.648833036 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.648844957 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.649234056 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.649866104 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.650110006 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.650713921 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.650882959 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.650958061 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.651278019 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.652061939 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.652075052 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.652174950 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.653009892 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.653109074 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.653187037 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.654170990 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.654185057 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.654217958 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.655149937 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.655275106 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.655328989 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.656225920 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.656369925 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.656796932 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.657278061 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.711258888 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.793514013 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.793586969 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.793694019 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.794044971 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.794146061 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.794373989 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.795037031 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.795051098 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.795105934 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.796017885 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.796164036 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.797112942 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.797183037 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.797214031 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.798207998 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.798260927 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.798374891 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.798746109 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.799367905 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.799428940 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.799534082 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.800299883 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.800432920 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.800502062 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.801347017 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.801508904 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.802540064 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.802613974 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.802642107 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.802726030 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.803543091 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.803656101 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.803705931 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.804666996 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.804766893 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.804826021 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.805629015 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.805738926 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.806381941 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.806693077 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.806813955 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.806912899 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.807848930 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.807862043 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.807943106 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.809119940 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.809134007 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.809209108 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.810070038 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.810292006 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.810365915 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.810998917 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.811162949 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.811230898 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.812217951 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.812416077 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.812953949 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.813282013 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.813517094 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.813565969 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.814310074 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.814399958 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.814515114 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.815386057 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.815445900 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.815628052 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.816582918 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.816596031 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.816663027 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.817609072 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.817624092 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.817686081 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.818600893 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.818614006 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.818675041 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.819521904 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.819535017 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.819624901 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.820584059 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.820667982 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.820779085 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.821629047 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.821935892 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.822743893 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.822808981 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.822865963 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.822917938 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.824040890 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.824055910 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.824147940 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.824975967 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.825159073 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.825220108 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.826044083 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.826056957 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.826139927 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.827126980 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.827245951 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.827320099 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.828305960 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.828444958 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.829452038 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.829482079 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.829509974 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.829740047 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.830446005 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.830593109 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.830636978 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.831536055 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.831661940 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.831893921 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.833031893 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.833265066 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.833372116 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.834621906 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.834696054 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.836281061 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.836350918 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.836426020 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.836693048 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.837994099 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.838007927 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.838071108 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.839174032 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.839329958 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.839378119 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.840229988 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.840298891 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.840816021 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.841067076 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.841274977 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.841356993 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.842084885 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.842135906 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.842267990 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.842991114 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.843003035 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.843075991 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.843844891 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.843859911 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.843935013 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.844772100 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.844872952 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.844908953 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.845736027 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.845860958 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.846021891 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.846822977 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.846837044 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.846884012 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.847650051 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.847662926 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.847742081 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.848680019 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.848694086 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.848882914 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.849710941 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.849971056 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.850115061 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.851125956 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.898787022 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.988538027 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.988555908 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.988574982 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.988588095 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.988969088 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.989548922 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.989561081 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.989638090 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.990439892 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.990499020 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.990562916 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.991512060 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.991658926 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.991729021 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.992494106 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.992619038 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.992728949 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.993684053 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.993702888 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.993793964 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.994678020 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.994908094 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.994951010 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.995739937 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.995861053 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.995908976 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.996810913 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.996934891 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.996984959 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.997899055 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.997957945 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.998027086 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.998977900 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.998991966 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:45.999108076 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:45.999942064 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.000106096 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.000176907 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.001131058 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.001295090 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.001357079 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.002232075 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.002356052 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.002706051 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.003196001 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.003326893 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.003427029 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.007121086 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.007133007 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.007144928 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.007157087 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.007168055 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.007175922 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.007219076 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.007219076 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.008184910 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.008199930 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.008306026 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.009186029 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.009198904 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.009289980 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.010462046 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.010476112 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.010545015 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.011676073 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.011689901 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.011768103 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.012511015 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.012692928 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.012758970 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.013472080 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.013531923 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.013674974 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.014489889 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.014688969 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.014864922 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.015681982 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.015695095 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.015794039 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.016720057 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.016908884 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.016987085 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.017833948 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.017848969 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.017932892 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.018838882 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.018985033 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.019179106 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.019944906 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.019967079 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.020129919 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.020916939 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.021081924 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.021122932 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.022164106 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.022186041 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.022284985 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.023066044 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.023087978 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.023241997 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.024158001 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.024307013 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.024413109 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.025279045 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.025427103 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.025485039 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.026415110 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.026582956 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.026631117 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.027359962 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.027514935 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.027852058 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.028337955 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.028481960 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.028616905 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.029414892 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.029584885 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.029655933 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.030509949 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.030668020 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.030715942 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.031593084 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.031770945 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.031841993 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.032689095 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.032875061 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.032996893 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.033812046 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.033823967 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.033873081 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.035106897 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.035123110 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.035186052 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.036039114 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.036051035 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.036206007 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.037137985 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.037153006 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.037218094 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.037931919 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.037945032 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.038009882 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.039158106 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.039170027 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.039321899 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.040292978 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.040308952 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.040355921 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.041213036 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.041340113 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.041408062 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.042324066 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.042337894 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.042404890 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.043467999 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.043625116 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.043703079 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.044394016 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.086373091 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.180283070 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.180332899 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.180751085 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.180810928 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.181232929 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.181246042 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.181463003 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.182017088 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.182065010 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.182092905 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.183089018 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.183366060 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.183552027 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.184094906 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.184155941 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.184272051 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.185168028 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.185498953 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.185564041 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.186229944 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.186414003 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.186485052 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.187303066 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.187509060 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.187598944 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.188366890 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.188468933 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.188642025 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.189466000 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.189822912 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.189954042 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.190879107 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.190885067 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.190942049 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.191575050 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.191641092 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.191644907 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.192660093 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.192718983 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.192797899 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.193739891 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.193799973 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.193873882 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.195244074 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.195297003 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.195358992 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.196517944 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.196595907 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.197263956 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.197448015 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.197501898 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.197554111 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.198067904 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.198108912 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.198128939 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.199069977 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.199119091 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.199177980 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.200146914 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.200218916 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.200274944 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.201143026 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.201210976 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.201232910 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.202291012 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.202390909 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.202435017 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.203306913 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.203476906 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.203571081 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.204380989 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.204458952 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.204479933 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.205466986 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.205539942 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.205790997 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.206547976 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.206589937 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.206597090 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.207585096 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.207720041 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.207740068 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.208772898 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.208931923 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.208991051 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.209772110 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.209813118 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.209876060 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.211113930 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.211334944 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.211707115 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.212440014 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.212527990 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.212551117 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.213531971 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.213654041 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.213690042 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.214508057 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.214551926 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.214601994 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.215646029 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.215677977 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.215770960 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.216717958 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.216777086 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.216825008 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.217571974 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.217638016 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.217658043 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.218635082 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.218651056 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.218681097 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.219465017 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.219501972 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.219569921 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.220413923 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.220427036 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.220482111 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.221499920 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.221513033 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.221604109 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.222517014 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.222568035 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.222661972 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.223572016 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.223586082 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.223653078 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.224705935 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.224718094 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.224807978 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.225704908 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.225795984 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.225825071 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.226727962 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.226784945 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.226878881 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.228123903 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.228236914 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.228349924 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.229026079 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.229099035 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.229147911 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.229958057 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.230020046 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.230041027 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.231338024 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.231353998 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.231405973 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.232338905 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.232351065 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.232395887 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.233192921 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.233308077 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.233762980 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.234244108 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.234282017 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.234316111 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.235317945 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.235445023 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.235490084 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.372854948 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.372873068 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.372994900 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.373380899 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.373536110 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.373738050 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.374372959 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.374530077 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.374699116 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.375545979 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.375560045 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.375619888 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.376701117 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.376722097 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.376776934 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.377531052 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.377827883 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.377893925 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.378812075 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.378828049 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.378901005 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.379805088 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.379818916 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.379933119 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.380951881 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.380964994 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.381026983 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.381969929 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.382155895 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.382294893 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.383104086 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.383116007 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.383204937 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.384119987 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.384135008 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.384201050 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.385142088 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.385319948 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.385396957 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.385823011 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.385898113 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.385996103 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.386913061 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.386961937 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.387011051 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.388150930 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.388164043 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.388228893 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.389075041 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.389267921 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.390069008 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.390111923 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.390243053 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.390279055 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.391305923 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.392266989 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.392309904 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.393073082 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.393085957 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.393167019 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.393333912 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.393496990 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.393568039 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.394325972 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.394473076 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.394748926 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.395478964 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.395586014 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.395656109 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.396497011 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.396616936 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.396683931 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.397583008 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.397716999 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.397819996 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.398665905 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.398785114 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.399735928 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.399765015 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.399844885 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.400801897 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.400873899 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.400947094 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.401990891 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.402054071 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.402232885 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.402298927 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.402919054 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.403044939 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.403095961 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.403971910 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.404144049 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.404191971 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.405049086 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.405200958 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.405268908 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.406116962 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.406266928 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.406322002 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.407160044 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.407252073 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.407305002 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.408232927 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.408607960 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.408651114 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.409302950 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.409382105 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.410135031 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.410356045 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.410422087 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.410461903 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.411462069 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.411540985 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.411633968 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.412491083 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.412626028 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.412667036 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.414228916 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.414628029 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.414664984 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.414690018 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.414784908 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.414824963 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.416304111 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.416337013 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.416388988 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.416980028 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.417056084 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.417136908 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.417818069 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.417948008 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.418031931 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.418992996 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.419152021 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.419194937 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.420039892 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.420108080 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.420358896 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.421025991 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.421152115 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.421192884 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.422183990 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.422195911 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.422238111 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.423188925 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.423367977 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.423410892 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.424254894 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.424367905 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.424411058 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.425503016 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.425515890 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.425554037 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.426455021 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.426470041 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.426522970 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.427418947 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.427613974 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.427675009 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.428844929 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.476818085 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.565494061 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.565526009 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.565596104 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.565876961 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.565979004 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.566066027 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.567107916 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.567658901 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.567745924 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.568129063 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.568142891 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.568223000 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.569108009 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.569154978 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.569325924 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.569910049 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.570003986 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.570043087 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.570996046 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.571744919 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.571830988 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.572104931 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.572495937 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.572573900 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.573153019 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.573291063 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.573334932 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.574225903 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.574314117 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.574412107 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.575352907 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.576103926 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.576189041 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.576379061 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.576391935 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.576451063 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.577361107 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.577430964 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.577502012 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.578485966 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.578569889 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.578612089 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.579909086 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.579992056 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.580142021 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.581506014 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.581715107 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.581902027 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.582581043 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.582600117 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.582645893 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.583632946 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.583806992 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.583853960 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.584870100 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.584907055 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.585036993 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.586029053 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.586445093 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.586556911 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.587121964 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.587212086 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.605413914 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.605521917 CET497702845192.168.2.9104.161.43.18
                                                                Dec 17, 2024 20:19:46.724941969 CET284549770104.161.43.18192.168.2.9
                                                                Dec 17, 2024 20:19:46.725282907 CET284549770104.161.43.18192.168.2.9

                                                                Statistics

                                                                CPU Usage

                                                                Click to jump to process

                                                                Memory Usage

                                                                Click to jump to process

                                                                High Level Behavior Distribution

                                                                Click to dive into process behavior distribution

                                                                Behavior

                                                                Click to jump to process

                                                                System Behavior

                                                                General

                                                                Target ID:0
                                                                Start time:14:19:17
                                                                Start date:17/12/2024
                                                                Path:C:\Users\user\Desktop\SqWzv6g2gV.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Users\user\Desktop\SqWzv6g2gV.exe"
                                                                Imagebase:0x400000
                                                                File size:10'485'760 bytes
                                                                MD5 hash:F494BCF2F1AEEEA24E2051F877FA9F6B
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:low
                                                                Has exited:true

                                                                General

                                                                Target ID:3
                                                                Start time:14:19:34
                                                                Start date:17/12/2024
                                                                Path:C:\Users\user\Desktop\SqWzv6g2gV.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Users\user\Desktop\SqWzv6g2gV.exe"
                                                                Imagebase:0x400000
                                                                File size:10'485'760 bytes
                                                                MD5 hash:F494BCF2F1AEEEA24E2051F877FA9F6B
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000003.00000003.1576338970.0000000000A20000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000003.1579378017.0000000003100000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000003.1579111713.0000000002EE0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000003.00000002.1585501304.0000000000D00000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                Reputation:low
                                                                Has exited:true

                                                                General

                                                                Target ID:4
                                                                Start time:14:19:36
                                                                Start date:17/12/2024
                                                                Path:C:\Windows\SysWOW64\svchost.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Windows\System32\svchost.exe"
                                                                Imagebase:0xd90000
                                                                File size:46'504 bytes
                                                                MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000003.1580727907.0000000000D70000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000003.1584818462.0000000005170000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000002.1678834360.0000000003280000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000003.1585111325.0000000005390000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                Reputation:high
                                                                Has exited:true

                                                                General

                                                                Target ID:7
                                                                Start time:14:19:36
                                                                Start date:17/12/2024
                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 404
                                                                Imagebase:0x5b0000
                                                                File size:483'680 bytes
                                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                General

                                                                Target ID:8
                                                                Start time:14:19:46
                                                                Start date:17/12/2024
                                                                Path:C:\Windows\System32\fontdrvhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Windows\System32\fontdrvhost.exe"
                                                                Imagebase:0x7ff6791b0000
                                                                File size:827'408 bytes
                                                                MD5 hash:BBCB897697B3442657C7D6E3EDDBD25F
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:moderate
                                                                Has exited:true

                                                                General

                                                                Target ID:10
                                                                Start time:14:19:49
                                                                Start date:17/12/2024
                                                                Path:C:\Windows\System32\WerFault.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\WerFault.exe -u -p 2016 -s 132
                                                                Imagebase:0x7ff707370000
                                                                File size:570'736 bytes
                                                                MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                Disassembly

                                                                Reset < >

                                                                  Execution Graph

                                                                  Execution Coverage:0%
                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                  Signature Coverage:7.8%
                                                                  Total number of Nodes:51
                                                                  Total number of Limit Nodes:0
                                                                  execution_graph 33916 42b640 45 API calls 33922 40de70 26 API calls 33837 424870 OpenClipboard GetClipboardData GetClipboardData GetClipboardData CloseClipboard 33925 417273 28 API calls 33926 420670 16 API calls 33929 4c9670 GetCurrentThreadId GetKeyboardLayout GetLocaleInfoA 33839 4dc870 EnterCriticalSection LeaveCriticalSection 33935 4275fe 16 API calls 33842 4d8000 EndDoc 33936 40d210 46 API calls 33846 4fc810 InitializeCriticalSection 33941 408220 14 API calls 33848 401031 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection 33849 41d430 56 API calls 33950 4012c0 16 API calls 33953 40fad0 26 API calls 33852 4118d0 7 API calls 33854 4144de 34 API calls 33957 4086e0 19 API calls 33855 41d8e0 35 API calls 33856 4210e0 InterlockedCompareExchange Sleep InterlockedCompareExchange InterlockedExchange 33959 41bee8 19 API calls 33966 411a80 27 API calls 33967 40c290 QueryPerformanceCounter QueryPerformanceCounter 33867 427090 GetACP GetCPInfo 33869 401ca0 278 API calls 33970 40eaa0 28 API calls 33874 41b4b0 48 API calls 33973 41eab0 28 API calls 33979 4f9340 CoCreateInstance 33880 40d560 29 API calls 33982 417f61 29 API calls 33881 401170 12 API calls 33988 50af60 CoTaskMemAlloc 33826 4dc300 GetCommandLineA 33827 42c310 33826->33827 33886 40fd10 39 API calls 33823 44a710 33824 44a712 ExitProcess 33823->33824 33892 40d530 25 API calls 34000 41ef32 26 API calls 33893 40cdc0 17 API calls 34005 4ddfc0 64 API calls 34006 4263cc 18 API calls 33896 40d1d0 24 API calls 33898 41e5d0 GetSystemTime GetTimeZoneInformation 34007 42abd0 30 API calls 33902 41cde0 36 API calls 33905 412180 25 API calls 34014 4dd780 46 API calls 33908 428191 26 API calls

                                                                  Executed Functions

                                                                  Function 0044A710 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20COMMON
                                                                  Download Yara Rule

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 0 44a710-44a719 2 44a729 0->2 3 44a71b-44a727 0->3 4 44a73a-44a748 ExitProcess 2->4 3->4
                                                                  APIs
                                                                  • ExitProcess.KERNEL32(00000000), ref: 0044A748
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: ExitProcess
                                                                  • String ID:
                                                                  • API String ID: 621844428-399585960
                                                                  • Opcode ID: 293620465462d170643fb551289f4f82b8ddd7fd95f4a21ffe41ffa866c1d984
                                                                  • Instruction ID: 4153d7d145e48ef0bfada68ad49838f97c765877aadb4e058581a2a78d09dbec
                                                                  • Opcode Fuzzy Hash: 293620465462d170643fb551289f4f82b8ddd7fd95f4a21ffe41ffa866c1d984
                                                                  • Instruction Fuzzy Hash: E7E04F75E4A25CCEEB30CA56EC017B8B775EB94316F0040EBD54D96241C6344D958F56
                                                                  Function 0044A6E0 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                  Download Yara Rule

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 5 44a6e0-44a6fa 6 44a6fc-44a706 5->6 7 44a708 5->7 8 44a712-44a719 6->8 7->8 9 44a729 8->9 10 44a71b-44a727 8->10 11 44a73a-44a748 ExitProcess 9->11 10->11
                                                                  APIs
                                                                  • ExitProcess.KERNEL32(00000000), ref: 0044A748
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: ExitProcess
                                                                  • String ID:
                                                                  • API String ID: 621844428-0
                                                                  • Opcode ID: 301b0aacc8fca0e78445999e19763b72f532b71fd961c991c7f3581a4234fff3
                                                                  • Instruction ID: 1ceb8dd2f8bb3b7ec6cf47d3eabd97270618131fd29c238ba72ea5f4f3f95bef
                                                                  • Opcode Fuzzy Hash: 301b0aacc8fca0e78445999e19763b72f532b71fd961c991c7f3581a4234fff3
                                                                  • Instruction Fuzzy Hash: 79F01C7494622DCEEF308F61C8457ACB7B0BB04315F1082EAC46D67780C3348E829F86
                                                                  Function 004DC300 Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                                                                  Download Yara Rule

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 12 4dc300-4dc310 GetCommandLineA call 42c310
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CommandLine
                                                                  • String ID:
                                                                  • API String ID: 3253501508-0
                                                                  • Opcode ID: 04003b1c6e78a75645abe312a21659dec6fb72e0dd25253600e7555adc4d96f0
                                                                  • Instruction ID: 324ae4de550c7ee1837b525cc46cc1c53208b04041f71095fcaff5b360da8b69
                                                                  • Opcode Fuzzy Hash: 04003b1c6e78a75645abe312a21659dec6fb72e0dd25253600e7555adc4d96f0
                                                                  • Instruction Fuzzy Hash: 51B012788003A00E83717B3834455CE7FF50C1D2E43844A58FCC1A3315D61488975AFA

                                                                  Non-executed Functions

                                                                  Function 004D7960 Relevance: 70.1, APIs: 20, Strings: 20, Instructions: 118COMMON
                                                                  Download Yara Rule

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 14 4d7960-4d796e 15 4d7977-4d797a 14->15 16 4d7970-4d7976 14->16 17 4d797c-4d7984 15->17 18 4d7985-4d7995 LoadLibraryA 15->18 19 4d7ad8-4d7aeb 18->19 20 4d799b-4d7aac GetProcAddress * 19 18->20 20->19 22 4d7aae-4d7ab5 20->22 23 4d7ab7-4d7ab9 22->23 24 4d7ad2 22->24 23->24 25 4d7abb-4d7ad1 23->25 24->19
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: WSAAsyncGetHostByName$WSAAsyncSelect$WSACancelAsyncRequest$WSACleanup$WSAGetLastError$WSAStartup$WSOCK32.DLL$accept$bind$closesocket$connect$htonl$htons$inet_addr$listen$recv$recvfrom$send$sendto$socket
                                                                  • API String ID: 0-3677570488
                                                                  • Opcode ID: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                                                  • Instruction ID: 8c9ac86f1f98df4bb1f2f2f05f7a43d8bd4a8589446ea9a4d4fdb8b68f6288ad
                                                                  • Opcode Fuzzy Hash: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                                                  • Instruction Fuzzy Hash: 5031DE71D523646AD7206BB9EC19DEF3EACFBB6704B510517F000972A0EAF88458AF94
                                                                  Function 004D9AB0 Relevance: 22.6, APIs: 15, Instructions: 136clipboardmemoryCOMMON
                                                                  Download Yara Rule

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 689 4d9ab0-4d9ab7 690 4d9abd-4d9ac0 689->690 691 4d9c1c-4d9c1d 689->691 690->691 692 4d9ac6-4d9ad4 690->692 693 4d9ada-4d9aeb call 4b8000 692->693 694 4d9ba3-4d9ba5 692->694 699 4d9c19-4d9c1b 693->699 700 4d9af1-4d9b14 call 421380 GlobalAlloc 693->700 696 4d9ba8-4d9bad 694->696 696->696 698 4d9baf-4d9bc2 GlobalAlloc 696->698 698->699 701 4d9bc4-4d9bcb GlobalLock 698->701 699->691 707 4d9b2e-4d9b3f call 52b380 700->707 708 4d9b16-4d9b28 GlobalLock call 4b81c0 GlobalUnlock 700->708 702 4d9bd0-4d9bd8 701->702 702->702 704 4d9bda-4d9bdb GlobalUnlock 702->704 706 4d9be1-4d9be3 704->706 710 4d9be9-4d9bf3 OpenClipboard 706->710 711 4d9be5-4d9be7 706->711 716 4d9b41-4d9b6b WideCharToMultiByte GlobalAlloc 707->716 717 4d9b90-4d9ba1 call 439d00 707->717 708->707 710->699 714 4d9bf5-4d9c03 EmptyClipboard 710->714 711->699 711->710 718 4d9c0a-4d9c0c 714->718 719 4d9c05-4d9c08 SetClipboardData 714->719 720 4d9b6d-4d9b70 GlobalLock 716->720 721 4d9b87-4d9b8d call 439d00 716->721 717->706 722 4d9c0e-4d9c11 SetClipboardData 718->722 723 4d9c13 CloseClipboard 718->723 719->718 725 4d9b76-4d9b7e 720->725 721->717 722->723 723->699 725->725 728 4d9b80-4d9b81 GlobalUnlock 725->728 728->721
                                                                  APIs
                                                                  • GlobalAlloc.KERNEL32(00002002,00000002), ref: 004D9B06
                                                                  • GlobalLock.KERNEL32(00000000), ref: 004D9B17
                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 004D9B28
                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,00000000,00000000), ref: 004D9B51
                                                                  • GlobalAlloc.KERNEL32(00002002,00000001), ref: 004D9B61
                                                                  • GlobalLock.KERNEL32(00000000), ref: 004D9B70
                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 004D9B81
                                                                  • GlobalAlloc.KERNEL32(00002002,00000003,?,?,?,00000000,0040D599,00000000,00000000), ref: 004D9BB8
                                                                  • GlobalLock.KERNEL32(00000000), ref: 004D9BC5
                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 004D9BDB
                                                                  • OpenClipboard.USER32(00000000), ref: 004D9BEB
                                                                  • EmptyClipboard.USER32 ref: 004D9BF5
                                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 004D9C08
                                                                  • SetClipboardData.USER32(00000001,00000000), ref: 004D9C11
                                                                  • CloseClipboard.USER32 ref: 004D9C13
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: Global$Clipboard$AllocLockUnlock$Data$ByteCharCloseEmptyMultiOpenWide
                                                                  • String ID:
                                                                  • API String ID: 3392129136-0
                                                                  • Opcode ID: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                                                  • Instruction ID: e40826f6a6b6de4095afa5ba746f594757548e465f4129e7c784a6b23cc7d310
                                                                  • Opcode Fuzzy Hash: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                                                  • Instruction Fuzzy Hash: 7A41F371104302ABE3111B61BC99B277BFCAFA1B04F09041BF986D7341DA69EC09D7BA
                                                                  Function 00416621 Relevance: 17.9, Strings: 14, Instructions: 431COMMON
                                                                  Download Yara Rule

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 778 416621-416631 779 416637-41663c 778->779 780 416b2e-416b35 778->780 779->780 781 416642-416651 call 49ad90 779->781 784 416653 781->784 785 416655-41665b 781->785 784->785 786 41666d-41667a call 4848b0 785->786 787 41665d-41666b call 4848b0 785->787 792 41667e-416682 786->792 787->792 793 416684-416688 792->793 794 4166bc-4166c1 792->794 793->794 797 41668a-416692 793->797 795 4166c3 794->795 796 4166c5-4166c9 794->796 795->796 799 41686a-41687b call 40cef0 796->799 800 4166cf-4166e7 call 463050 call 411870 796->800 797->794 798 416694-41669d 797->798 798->794 801 41669f-4166ac 798->801 809 4168a5-4168ae 799->809 810 41687d-416881 799->810 800->799 818 4166ed-4167be call 4c9000 call 40ceb0 call 4900f0 call 4c9000 call 40ceb0 call 4900f0 call 4c9000 call 40ceb0 call 4900f0 call 4c9000 call 40ceb0 call 4900f0 800->818 804 4166ba 801->804 805 4166ae-4166b2 801->805 804->794 805->804 808 4166b4-4166b8 805->808 808->794 808->804 813 4168b0-4168b5 809->813 814 4168c5-4168c9 809->814 810->809 812 416883-41688b 810->812 812->809 816 41688d-416895 812->816 813->814 817 4168b7-4168c0 call 40f880 813->817 819 416b0f-416b2b call 439d00 814->819 820 4168cf-4168d9 814->820 816->809 821 416897-4168a0 call 40f880 816->821 817->814 916 4167c0-4167d5 call 4c9000 818->916 917 4167d7-4167e7 call 4c9000 818->917 819->780 825 4168f9-41690e call 415860 820->825 826 4168db-4168f3 call 463050 call 411870 820->826 821->809 837 416af2-416b0e call 439d00 825->837 838 416914-416928 825->838 826->825 826->837 842 416940-416950 838->842 843 41692a-41693b call 4900f0 838->843 847 416952-416963 call 4900f0 842->847 848 416968-416978 842->848 858 416ab6-416ac8 call 4c9030 843->858 847->858 849 416990-4169a0 848->849 850 41697a-41698b call 4900f0 848->850 855 4169a2-4169b3 call 4900f0 849->855 856 4169b8-4169c8 849->856 850->858 855->858 863 4169e0-4169f0 856->863 864 4169ca-4169db call 4900f0 856->864 876 416ad7-416aec call 415860 858->876 877 416aca-416ad2 call 4900f0 858->877 869 4169f2-416a03 call 4900f0 863->869 870 416a08-416a18 863->870 864->858 869->858 870->858 872 416a1e-416a3b call 4900f0 call 48c060 870->872 890 416a3d-416a6d call 463070 call 490dd0 call 48c060 872->890 891 416a6f-416a79 call 4023b0 872->891 876->837 876->838 877->876 890->858 890->891 891->858 901 416a7b-416a86 call 411870 891->901 901->858 908 416a88-416a9e call 48c020 call 495630 901->908 908->858 921 416aa0-416ab3 call 4900f0 call 439d00 908->921 925 4167ec-416812 call 40ceb0 call 4900f0 916->925 917->925 921->858 933 416814-416827 call 495630 925->933 934 41683f-416852 call 495630 925->934 933->934 939 416829-41683c call 4900f0 call 439d00 933->939 934->799 940 416854-416867 call 4900f0 call 439d00 934->940 939->934 940->799
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: COMM$TALB$TCON$TIT2$TPE1$TRCK$TYER$album$artist$comment$genre$songname$track$year
                                                                  • API String ID: 0-590896439
                                                                  • Opcode ID: 58e90cd763c27353f5f737474b6cde04d51412e2af52a5f89d8bdd9097ff8991
                                                                  • Instruction ID: 644f6fcce6cd6c0cf36f8c2a49984ad5006fbd26ddfeab9ab515d91a446fbcca
                                                                  • Opcode Fuzzy Hash: 58e90cd763c27353f5f737474b6cde04d51412e2af52a5f89d8bdd9097ff8991
                                                                  • Instruction Fuzzy Hash: 36D1F471204240ABDB14EA55C892BBB77E9AF84304F05482EF64587382EF7DDC49C7AA
                                                                  Function 0041B4B0 Relevance: 14.6, Strings: 11, Instructions: 874COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: _level$gfff$gfff$landscape$paperHeight$portrait$printAsBitmap$xMax$xMin$yMax$yMin
                                                                  • API String ID: 0-188115620
                                                                  • Opcode ID: dea08f720592daa481637ef8359b17615b2d3d0a0cce9d10a90a14ebba861c01
                                                                  • Instruction ID: 70ff334641663e0afb433915ac50cfd4971647fdd0d0ab24e810831b83e0dab3
                                                                  • Opcode Fuzzy Hash: dea08f720592daa481637ef8359b17615b2d3d0a0cce9d10a90a14ebba861c01
                                                                  • Instruction Fuzzy Hash: 7C6290706047019FC714DF29D491AABB7E1FF88344F14896EF58A8B791DB38E884CB99
                                                                  Function 004D9C20 Relevance: 7.5, APIs: 5, Instructions: 30clipboardCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • OpenClipboard.USER32(00000000), ref: 004D9C27
                                                                  • GetClipboardData.USER32(00000001), ref: 004D9C3A
                                                                  • GetClipboardData.USER32(0000000D), ref: 004D9C42
                                                                  • GetClipboardData.USER32(00000000), ref: 004D9C4B
                                                                  • CloseClipboard.USER32 ref: 004D9C56
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: Clipboard$Data$CloseOpen
                                                                  • String ID:
                                                                  • API String ID: 464010812-0
                                                                  • Opcode ID: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                                                  • Instruction ID: 2f18cbc0f6c8a3dbd26954e8439ab7c802a903eab365c315afdcc22c9d276e9e
                                                                  • Opcode Fuzzy Hash: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                                                  • Instruction Fuzzy Hash: 41E09AB230022517EB9026BA6C4CF97A2EC9F54F90F050123F604C6340E6A6CC0457B1
                                                                  Function 00420670 Relevance: 6.9, Strings: 5, Instructions: 624COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $K$gfff$gfff$gfff
                                                                  • API String ID: 0-1048959944
                                                                  • Opcode ID: d12f4ee0db7e837eeaddada9b02ab57d1ed414e4daef55ec7281e1621cc72c7d
                                                                  • Instruction ID: 9d2a5138eda07fb78ed16dc27847904d5eff4784a57d1f73a6c8b6feaa4118fd
                                                                  • Opcode Fuzzy Hash: d12f4ee0db7e837eeaddada9b02ab57d1ed414e4daef55ec7281e1621cc72c7d
                                                                  • Instruction Fuzzy Hash: 91426DB06083558FC728CF19D590A6BBBE5BFC8304F44895EF88A8B352D738D945CB96
                                                                  Function 004C9670 Relevance: 4.5, APIs: 3, Instructions: 30threadCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • GetCurrentThreadId.KERNEL32 ref: 004C9674
                                                                  • GetKeyboardLayout.USER32(00000000), ref: 004C967B
                                                                  • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,?,?,004D9D12,?,000000FF), ref: 004C9693
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CurrentInfoKeyboardLayoutLocaleThread
                                                                  • String ID:
                                                                  • API String ID: 4094687451-0
                                                                  • Opcode ID: 1ddd6823bd2bc3ee9e8a39c3bbd18c243f80e9d84aa9d73e1ce1e55aef709746
                                                                  • Instruction ID: c18c3e67b2d418a81a9ed34cd04b46ff7c576915d0efad72319c368f8fc6f991
                                                                  • Opcode Fuzzy Hash: 1ddd6823bd2bc3ee9e8a39c3bbd18c243f80e9d84aa9d73e1ce1e55aef709746
                                                                  • Instruction Fuzzy Hash: A9E0E57A6003107BD601EB68BC09FAB77F8AB54B01F408419FA44C2280E338D90897FB
                                                                  Function 0040ACD0 Relevance: 3.3, Strings: 2, Instructions: 796COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $
                                                                  • API String ID: 0-227171996
                                                                  • Opcode ID: 395a1bfc07a86bc1b17be198384b933d6e74c24733d271f90db895820ae6568e
                                                                  • Instruction ID: e3b698b264220c6a4a7ff30e5bd10faba35ce6b07e42392d760f651db3adf898
                                                                  • Opcode Fuzzy Hash: 395a1bfc07a86bc1b17be198384b933d6e74c24733d271f90db895820ae6568e
                                                                  • Instruction Fuzzy Hash: E46249716183419FC364CF29C980A6BB7E5FFC8304F148A2EE59997391D738E905CB9A
                                                                  Function 004CE5B0 Relevance: 3.0, APIs: 2, Instructions: 31timeCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • GetSystemTime.KERNEL32(?,?,004CE646,?,0041E572), ref: 004CE5B7
                                                                  • GetTimeZoneInformation.KERNEL32(00563D90,?,?,004CE646,?,0041E572), ref: 004CE607
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: Time$InformationSystemZone
                                                                  • String ID:
                                                                  • API String ID: 702727434-0
                                                                  • Opcode ID: f738a3c553d765e04b5bec4b324b6c4fee79bb83ad17f4052d4625c48ac5b856
                                                                  • Instruction ID: 027c201d87c87fe04e998a3dacbc9da3b97e28b55a26ca5f2fa1b84a2cf7f3f2
                                                                  • Opcode Fuzzy Hash: f738a3c553d765e04b5bec4b324b6c4fee79bb83ad17f4052d4625c48ac5b856
                                                                  • Instruction Fuzzy Hash: E9011D78608201DBC310BF09E85556BB7F9FB78B10FC0850AE48583321E3F68D88DB29
                                                                  Function 0052B440 Relevance: 2.5, APIs: 2, Instructions: 7memoryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • GetProcessHeap.KERNEL32(00000000,?,00528C3A,-00000003), ref: 0052B447
                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004012F9), ref: 0052B44E
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: Heap$AllocProcess
                                                                  • String ID:
                                                                  • API String ID: 1617791916-0
                                                                  • Opcode ID: 59176d969d8d5ab64b55edfac97e4b95670c40f205a4eeb4c3389c15a55de6de
                                                                  • Instruction ID: 2d67d1c8230b34df0e9697497b7d0e8b3de7afbebdcce056a4f33b586f436b97
                                                                  • Opcode Fuzzy Hash: 59176d969d8d5ab64b55edfac97e4b95670c40f205a4eeb4c3389c15a55de6de
                                                                  • Instruction Fuzzy Hash: 61B092B9604200ABDE009BA0AE0CB1BB678AB54702F000400B619C1160C630C804EB31
                                                                  Function 0043C3C0 Relevance: 1.6, Strings: 1, Instructions: 309COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: R
                                                                  • API String ID: 0-1968290334
                                                                  • Opcode ID: 8546aa269060c6db0e10336a880f1cd0ec7275522bd7a3a93064d1100faa0acd
                                                                  • Instruction ID: ce0d7d11e4424d034f190161494b7aac1bec0c29b2276794a3ebc18ef3406d1c
                                                                  • Opcode Fuzzy Hash: 8546aa269060c6db0e10336a880f1cd0ec7275522bd7a3a93064d1100faa0acd
                                                                  • Instruction Fuzzy Hash: 84C1D1B2E041689AFB208A14DC84BFBB775FF95310F1480FAD84DA7641D6791EC28F66
                                                                  Function 004F9340 Relevance: 1.5, APIs: 1, Instructions: 35comCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • CoCreateInstance.OLE32(00549E88,00000000,00000001,0054A654,?,?,?,004FB325,?,?,00000000,7750E820), ref: 004F9365
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CreateInstance
                                                                  • String ID:
                                                                  • API String ID: 542301482-0
                                                                  • Opcode ID: 32cc378c3d08419dc9c729465278953167982d40ee5e1f975ead0e7be58d7922
                                                                  • Instruction ID: d33697237a28c181885f9fc6147cb760b8f27fbda8fa23562785bbd0682874fe
                                                                  • Opcode Fuzzy Hash: 32cc378c3d08419dc9c729465278953167982d40ee5e1f975ead0e7be58d7922
                                                                  • Instruction Fuzzy Hash: E8F0823270111167D7288A2EEC45BE7B7D9AFD8710B05412ABD04D7280D7A0EC418594
                                                                  Function 004CB0E0 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: Version
                                                                  • String ID:
                                                                  • API String ID: 1889659487-0
                                                                  • Opcode ID: ee60f9e95fcef11a94c07e1fc1ede8b3207cc5aa390eaa880cb51700aab72f76
                                                                  • Instruction ID: 055774edfa36a1cc0f2afeca4167b9a8919af704cd7fbd49c209ae17ea6089f8
                                                                  • Opcode Fuzzy Hash: ee60f9e95fcef11a94c07e1fc1ede8b3207cc5aa390eaa880cb51700aab72f76
                                                                  • Instruction Fuzzy Hash: D3E0C22C0042804EE7608F38A90AB593BB1AB65244F8804DCD4E443213D3B9021FE766
                                                                  Function 00429E10 Relevance: 1.0, Instructions: 955COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: dc5a42f13e7841349ae14dd0d814db7469e84fc1a093c776fc8443455eaf0811
                                                                  • Instruction ID: 01d32cbd04fd490b405bbb3076ca95c53af9ac6c7c72bf4527c2ddcebbd18577
                                                                  • Opcode Fuzzy Hash: dc5a42f13e7841349ae14dd0d814db7469e84fc1a093c776fc8443455eaf0811
                                                                  • Instruction Fuzzy Hash: D58269703083119FD714DF29E580B6BB7E5BB98708F84895EE8898B341D738EC56CB5A
                                                                  Function 00464EE0 Relevance: .6, Instructions: 557COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a904873dfafe76d50723d2220b700b55706c147e6e180d2363eb77a360958730
                                                                  • Instruction ID: 96a45275b5f9c73a41d1d8337e9608839c2e373e62523567d3dab65913c056f8
                                                                  • Opcode Fuzzy Hash: a904873dfafe76d50723d2220b700b55706c147e6e180d2363eb77a360958730
                                                                  • Instruction Fuzzy Hash: 1212AF71608B019BC714DF69C890AABB3F5BF88304F444A2EF585C3741E778E949CB9A
                                                                  Function 0047DA00 Relevance: .4, Instructions: 445COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 04095868b29765f6348be8197726760830473c8083571c9ba6bc4c95f4dee8ec
                                                                  • Instruction ID: 498cbeb692f4c70c8915f573c8722a097fb1111c7146c1bbe368278cd5f5e3e7
                                                                  • Opcode Fuzzy Hash: 04095868b29765f6348be8197726760830473c8083571c9ba6bc4c95f4dee8ec
                                                                  • Instruction Fuzzy Hash: 5F02CE71A04B049FD310CF29E84679AB7F5FFD8304F04892EF4CA96691D7B8E4699B09
                                                                  Function 0040A020 Relevance: .3, Instructions: 298COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 927d87f6a08cd34fb77d99441a45c3a4ce47cf1e0f25776f7bb3331dde36990d
                                                                  • Instruction ID: 1e7c3244e7452ae8d69b03c5c8d6f6dafe267a2916603bd4dd3bb4cac85038a4
                                                                  • Opcode Fuzzy Hash: 927d87f6a08cd34fb77d99441a45c3a4ce47cf1e0f25776f7bb3331dde36990d
                                                                  • Instruction Fuzzy Hash: FCC15171A087A28FC304CF5884C0406FFE2BED535072DC7AAD8985B3A6D378A899D7D5
                                                                  Function 0042D39B Relevance: .2, Instructions: 226COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 328fd253c3d3266b9f1183c168a7c073fa13225f90af89d8ccac7b3aac2585fb
                                                                  • Instruction ID: bfa59705cebf717bb77a31e3df0fdea1df1b133d84f49527330e693498930ead
                                                                  • Opcode Fuzzy Hash: 328fd253c3d3266b9f1183c168a7c073fa13225f90af89d8ccac7b3aac2585fb
                                                                  • Instruction Fuzzy Hash: 0091A4B2D001285FF728CA18DD56AEBBB79EB84314F0541BBE40DA6684D7785FC1CE42
                                                                  Function 0042D300 Relevance: .2, Instructions: 191COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6a5c0a1541d3030db029717021fe89afd2a5752fc6c068978f495cf4b702206e
                                                                  • Instruction ID: daade82ce8e1d1b2ee71ce6920598c29f2be78123f22ed51f0027d5a07208b60
                                                                  • Opcode Fuzzy Hash: 6a5c0a1541d3030db029717021fe89afd2a5752fc6c068978f495cf4b702206e
                                                                  • Instruction Fuzzy Hash: F471E8B2D001285FF768CA18DD56AEBBB78EB45314F0541FBE80DA6680D6385FC5CE52
                                                                  Function 0042D4F9 Relevance: .1, Instructions: 146COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 68be6958af1c6a53e962f91bcc0efa0a9d1af6a4e755137e866c4c74eff88070
                                                                  • Instruction ID: 95a1ac05ea7bf9e85cb9af7e548825cad19751d86e8640f90a726477929908b6
                                                                  • Opcode Fuzzy Hash: 68be6958af1c6a53e962f91bcc0efa0a9d1af6a4e755137e866c4c74eff88070
                                                                  • Instruction Fuzzy Hash: 6351B5B2D011285FF768CA18DE56AEBBB78EF94314F0541BBE40DA6680D6385FC4CD42
                                                                  Function 0045E870 Relevance: .1, Instructions: 90COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 75b50ff1b9ba4dd892b9e41ada2c345e4812fadd8f996589414a3cb6cb0e819a
                                                                  • Instruction ID: 53d2608e8c54cd10bb4b85a771cf95748db63415cbca46aee886de67e8a57e6b
                                                                  • Opcode Fuzzy Hash: 75b50ff1b9ba4dd892b9e41ada2c345e4812fadd8f996589414a3cb6cb0e819a
                                                                  • Instruction Fuzzy Hash: E0218EB1B054214FDB2C9B0E942113AB7E3EFDE30234A82BEE8579B3A9D9741D11D694
                                                                  Function 004F4A60 Relevance: 43.9, APIs: 22, Strings: 7, Instructions: 376COMMON
                                                                  Download Yara Rule

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 26 4f4a60-4f4a93 EnterCriticalSection 27 4f4a95-4f4a9d 26->27 28 4f4aa3-4f4aab 26->28 27->28 29 4f4aad-4f4ab5 28->29 30 4f4abb-4f4ac3 28->30 29->30 31 4f4ac5-4f4acd 30->31 32 4f4ad3-4f4adb 30->32 31->32 33 4f4aed-4f4af5 32->33 34 4f4add-4f4ae7 32->34 35 4f4afb-4f4b07 LeaveCriticalSection 33->35 36 4f4bf2-4f4bfe LeaveCriticalSection 33->36 34->33 37 4f4b09-4f4b19 35->37 38 4f4b21-4f4b27 35->38 39 4f4c18-4f4c1e 36->39 40 4f4c00-4f4c10 36->40 37->38 41 4f4b29-4f4b39 38->41 42 4f4b41-4f4b47 38->42 43 4f4c38-4f4c3e 39->43 44 4f4c20-4f4c30 39->44 40->39 41->42 45 4f4bbb-4f4bc1 42->45 46 4f4b49-4f4b69 42->46 47 4f4cb2-4f4cb8 43->47 48 4f4c40-4f4c60 43->48 44->43 51 4f4f2f-4f4f35 45->51 52 4f4bc7-4f4bf1 45->52 53 4f4b6b 46->53 54 4f4b71-4f4bb8 call 462e80 call 4a5380 call 439d00 46->54 55 4f4cdc-4f4d05 EnterCriticalSection LeaveCriticalSection 47->55 56 4f4cba-4f4cd4 47->56 49 4f4c68-4f4caf call 462e80 call 4a5380 call 439d00 48->49 50 4f4c62 48->50 49->47 50->49 53->54 54->45 59 4f4f2e 55->59 60 4f4d0b-4f4d1c EnterCriticalSection LeaveCriticalSection 55->60 56->55 59->51 64 4f4d24-4f4d42 EnterCriticalSection 60->64 65 4f4df8-4f4e1d EnterCriticalSection call 4f3bc0 LeaveCriticalSection 64->65 66 4f4d48-4f4d50 64->66 77 4f4e1f-4f4e2b 65->77 78 4f4e3b-4f4e46 call 4f3340 65->78 66->65 69 4f4d56-4f4d6e EnterCriticalSection LeaveCriticalSection 66->69 73 4f4d74-4f4df1 EnterCriticalSection LeaveCriticalSection EnterCriticalSection LeaveCriticalSection 69->73 74 4f4df3 69->74 73->65 73->74 74->65 81 4f4e2d 77->81 82 4f4e32-4f4e34 77->82 89 4f4e97-4f4e9c LeaveCriticalSection 78->89 90 4f4e48-4f4e4d 78->90 81->82 82->78 87 4f4e36-4f4e39 82->87 87->78 87->89 91 4f4ea2-4f4ebd EnterCriticalSection 89->91 92 4f4e4f-4f4e51 90->92 93 4f4e69-4f4e73 call 4f3d00 90->93 96 4f4ebf-4f4ec1 91->96 97 4f4ed8-4f4ee5 LeaveCriticalSection 91->97 92->93 94 4f4e53-4f4e55 92->94 101 4f4e78-4f4e8f LeaveCriticalSection 93->101 94->93 100 4f4e57-4f4e67 call 4ff020 call 439d00 94->100 102 4f4eca-4f4ed2 96->102 103 4f4ec3-4f4ec8 96->103 98 4f4f0c-4f4f12 97->98 99 4f4ee7-4f4efb EnterCriticalSection 97->99 98->59 107 4f4f14-4f4f29 98->107 104 4f4efd 99->104 105 4f4f01-4f4f06 LeaveCriticalSection 99->105 100->101 101->64 108 4f4e95 101->108 102->97 103->97 104->105 105->98 107->59 108->91
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32 ref: 004F4A89
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4AFB
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4BF2
                                                                  • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F4CEA
                                                                  • LeaveCriticalSection.KERNEL32(?,?), ref: 004F4CFD
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4D17
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4D1A
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4D36
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4D5D
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4D66
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4D81
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4D87
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4DB6
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4DC0
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4E05
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4E11
                                                                  • LeaveCriticalSection.KERNEL32(?,00000000), ref: 004F4E7D
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4E9C
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4EB3
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4ED9
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4EF4
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4F06
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$Leave$Enter
                                                                  • String ID: NetStream.Play.Start$NetStream.Play.Stop$NetStream.Play.StreamNotFound$NetStream.Seek.InvalidTime$NetStream.Seek.Notify$error$status
                                                                  • API String ID: 2978645861-761530088
                                                                  • Opcode ID: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                                                  • Instruction ID: 162dc2aece2cb8deeda7270d3cf99ca9d96a23cce06d37320eaaf024755f17c1
                                                                  • Opcode Fuzzy Hash: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                                                  • Instruction Fuzzy Hash: C7E190352047459FD320DB34C845BABBBE1BF89714F04895DE9AA57382CB74F80ACB65
                                                                  Function 004D5D20 Relevance: 23.0, APIs: 4, Strings: 9, Instructions: 284COMMON
                                                                  Download Yara Rule

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 590 4d5d20-4d5d40 call 435350 593 4d6069-4d6073 590->593 594 4d5d46-4d5d56 call 435400 590->594 597 4d5d58-4d5d6f DestroyWindow 594->597 598 4d5d72-4d5d82 call 435400 594->598 601 4d5dab-4d5dbb call 435400 598->601 602 4d5d84-4d5da8 call 4d5380 call 4db4e0 598->602 607 4d5dbd-4d5dec call 4d5380 call 4a7ac0 601->607 608 4d5def-4d5dff call 435400 601->608 616 4d5fdc-4d5fec call 435400 608->616 617 4d5e05-4d5e12 608->617 630 4d5fee-4d602f call 4d5380 GetMenu call 4dad30 616->630 631 4d6032-4d6042 call 435400 616->631 620 4d5e14-4d5e16 617->620 621 4d5e41-4d5e55 GetModuleFileNameA 617->621 625 4d5e1c-4d5e1e 620->625 626 4d5e18-4d5e1a 620->626 622 4d605c-4d6066 621->622 623 4d5e5b-4d5e5c 621->623 623->622 629 4d5e62-4d5e69 623->629 627 4d5e24-4d5e26 625->627 628 4d5e20-4d5e22 625->628 626->625 632 4d5e38-4d5e3f 626->632 634 4d5e2c-4d5e2e 627->634 635 4d5e28-4d5e2a 627->635 628->627 628->632 636 4d5e6b-4d5e6e 629->636 637 4d5e80-4d5e82 629->637 631->593 644 4d6044-4d6056 call 4d5380 631->644 632->620 632->621 634->632 640 4d5e30-4d5e32 634->640 635->632 635->634 636->637 641 4d5e70-4d5e71 636->641 637->622 643 4d5e88-4d5e92 637->643 640->622 640->632 641->629 645 4d5e73-4d5e7d 641->645 647 4d5e95-4d5e9a 643->647 644->622 647->647 650 4d5e9c-4d5ec2 call 52b380 * 2 647->650 656 4d5fbf-4d5fd9 call 439d00 * 2 650->656 657 4d5ec8-4d5eca 650->657 657->656 659 4d5ed0-4d5eda 657->659 661 4d5ee0-4d5ee8 659->661 661->661 663 4d5eea-4d5eed 661->663 665 4d5ef0-4d5ef6 663->665 665->665 666 4d5ef8-4d5f20 665->666 667 4d5f22-4d5f2a 666->667 667->667 668 4d5f2c-4d5f30 667->668 669 4d5f33-4d5f39 668->669 669->669 670 4d5f3b-4d5f4d 669->670 671 4d5f50-4d5f55 670->671 671->671 672 4d5f57-4d5f5d 671->672 673 4d5f60-4d5f66 672->673 673->673 674 4d5f68-4d5fb9 CreateProcessA 673->674 674->656
                                                                  APIs
                                                                  • DestroyWindow.USER32(?,?,?,?,?), ref: 004D5D5F
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: DestroyWindow
                                                                  • String ID: D$FSCommand:$\fscommand$allowscale$exec$fullscreen$quit$showmenu$trapallkeys
                                                                  • API String ID: 3375834691-1928458085
                                                                  • Opcode ID: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                                                  • Instruction ID: 7647b0b3e504c4bbb0374484e0d8b702cf2a7569de5a553b4a60fd35f403e9ef
                                                                  • Opcode Fuzzy Hash: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                                                  • Instruction Fuzzy Hash: 27914C35504B015BCB24EF28EC617FBB791AFA6309F44451FE8888B341DB2A990BC7D9
                                                                  Function 004DB4E0 Relevance: 22.7, APIs: 15, Instructions: 180windowCOMMON
                                                                  Download Yara Rule

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • GetWindowLongA.USER32(?,000000F0), ref: 004DB511
                                                                  • GetWindowRect.USER32(?,?), ref: 004DB531
                                                                  • GetClientRect.USER32(?,?), ref: 004DB541
                                                                  • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB55D
                                                                  • GetMenu.USER32(?), ref: 004DB581
                                                                  • SetMenu.USER32(?,00000000), ref: 004DB596
                                                                  • GetDesktopWindow.USER32 ref: 004DB5B0
                                                                  • GetWindowRect.USER32(00000000,?), ref: 004DB5BC
                                                                  • SetWindowPos.USER32(?,00000000,?,?,?,?,00000000,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB5E1
                                                                  • GetWindowLongA.USER32(?,000000F0), ref: 004DB604
                                                                  • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB62A
                                                                  • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB66D
                                                                  • GetWindowRect.USER32(?,?), ref: 004DB6A5
                                                                  • GetClientRect.USER32(?,?), ref: 004DB6B7
                                                                  • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB702
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: Window$Rect$Long$ClientMenuMove$Desktop
                                                                  • String ID:
                                                                  • API String ID: 3087884050-0
                                                                  • Opcode ID: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                                                  • Instruction ID: afb7dc4107877f96dc9ff69242aee4b267e14dc018c2a581ac30f1de2d6509eb
                                                                  • Opcode Fuzzy Hash: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                                                  • Instruction Fuzzy Hash: 1C61F7756047009FE714CF79D888FA7B7E9EB98314F108A1EE5AA83344DE74B8088B65
                                                                  Function 004CFE40 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 164registryCOMMON
                                                                  Download Yara Rule

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 730 4cfe40-4cfe62 731 4cfe68-4cfe6d call 497d20 730->731 732 4cffe0-4cfffd RegOpenKeyExA 730->732 741 4cfe6f call 4cb0e0 731->741 734 4cffff-4d002b RegQueryValueExA 732->734 735 4d0049-4d0059 732->735 736 4d002d-4d0039 call 435020 734->736 737 4d003e-4d0042 734->737 736->737 740 4d0043 RegCloseKey 737->740 740->735 742 4cfe74-4cfe76 741->742 743 4cfe7c-4cfe99 RegOpenKeyExW 742->743 744 4cff3f-4cff5c RegOpenKeyExA 742->744 743->735 746 4cfe9f-4cfecb RegQueryValueExW 743->746 744->735 745 4cff62-4cff8e RegQueryValueExA 744->745 747 4cffd9-4cffde 745->747 748 4cff90-4cff93 745->748 746->737 749 4cfed1-4cfee3 call 4b8350 746->749 747->740 750 4cffc8-4cffd4 call 435020 748->750 751 4cff95-4cffa9 call 4b8440 748->751 749->737 756 4cfee9-4cfeec 749->756 750->747 751->747 760 4cffab-4cffc6 call 435020 call 439d00 751->760 758 4cfeee-4cff04 call 435020 call 439d00 756->758 759 4cff09-4cff1e call 4d9d70 call 439d00 756->759 758->737 759->737 773 4cff24-4cff3a call 435020 call 439d00 759->773 760->740 773->737
                                                                  APIs
                                                                  • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFE8F
                                                                  • RegQueryValueExW.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFEC1
                                                                  • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFF52
                                                                  • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFF84
                                                                  • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFFF3
                                                                  • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004D0021
                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 004D0043
                                                                    • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: OpenQueryValue$CloseVersion
                                                                  • String ID: AppData$AppData$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                  • API String ID: 3944000476-502054578
                                                                  • Opcode ID: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                                                  • Instruction ID: f72081d33d1e3e5e856db847e9c33e0e25e3821136d69a0383b26c3c547fa845
                                                                  • Opcode Fuzzy Hash: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                                                  • Instruction Fuzzy Hash: 0151B2715087017BC725DB50EC95FAB73E8AF88754F00891EF98553381EAB9D80AC7AA
                                                                  Function 004F5FC0 Relevance: 17.8, APIs: 14, Instructions: 252COMMON
                                                                  Download Yara Rule

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 949 4f5fc0-4f5fd7 950 4f5fdd-4f5ff0 call 4f5cb0 949->950 951 4f6093-4f6095 949->951 963 4f605d-4f6065 950->963 964 4f5ff2-4f6058 call 4fe010 950->964 953 4f60f7-4f60f9 951->953 954 4f6097-4f609f 951->954 956 4f60ff-4f6101 953->956 957 4f61a1 953->957 958 4f60b2-4f60ba 954->958 959 4f60a1-4f60a6 954->959 961 4f62e5-4f62ec 956->961 965 4f6107-4f6148 EnterCriticalSection LeaveCriticalSection EnterCriticalSection LeaveCriticalSection call 4f2bf0 956->965 960 4f61a7-4f61a9 957->960 957->961 958->953 962 4f60bc-4f60be 958->962 959->958 966 4f60a8-4f60b0 959->966 960->961 967 4f61af-4f61c2 call 4f24f0 960->967 968 4f60d3 962->968 969 4f60c0-4f60c5 962->969 963->951 971 4f6067-4f607c EnterCriticalSection 963->971 964->963 980 4f614a 965->980 981 4f6167-4f6174 call 4f2bf0 965->981 966->958 966->962 983 4f624e-4f625b call 4f24f0 967->983 984 4f61c8-4f61ce 967->984 975 4f60d9-4f60f2 call 4e5ec0 968->975 969->968 974 4f60c7-4f60d1 969->974 976 4f607e 971->976 977 4f6085-4f608d LeaveCriticalSection 971->977 974->968 974->975 975->953 976->977 977->951 982 4f6150-4f6165 call 4f3d00 call 4f2bf0 980->982 981->961 997 4f617a 981->997 982->981 983->961 998 4f6261 983->998 989 4f61d0-4f61df EnterCriticalSection 984->989 994 4f61e6-4f61ef 989->994 995 4f61e1 989->995 1000 4f6201-4f620a 994->1000 1001 4f61f1-4f61ff 994->1001 995->994 1002 4f6180-4f6195 call 4f3d00 call 4f2bf0 997->1002 1003 4f6267-4f6276 EnterCriticalSection 998->1003 1005 4f6211-4f622b LeaveCriticalSection EnterCriticalSection 1000->1005 1001->1005 1021 4f6197-4f619e 1002->1021 1007 4f627d-4f6286 1003->1007 1008 4f6278 1003->1008 1009 4f622d-4f6233 1005->1009 1010 4f6240-4f624c LeaveCriticalSection 1005->1010 1012 4f6298-4f62a1 1007->1012 1013 4f6288-4f6296 1007->1013 1008->1007 1014 4f623a-4f623d 1009->1014 1015 4f6235-4f6238 1009->1015 1010->983 1010->989 1017 4f62a8-4f62c2 LeaveCriticalSection EnterCriticalSection 1012->1017 1013->1017 1014->1010 1015->1010 1019 4f62d7-4f62e3 LeaveCriticalSection 1017->1019 1020 4f62c4-4f62ca 1017->1020 1019->961 1019->1003 1022 4f62cc-4f62cf 1020->1022 1023 4f62d1-4f62d4 1020->1023 1022->1019 1023->1019
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F606E
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F608D
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6111
                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F611B
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F612B
                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6135
                                                                    • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                                    • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                                    • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                                    • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                                    • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                                    • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                                                  • EnterCriticalSection.KERNEL32(?,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F61D1
                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6212
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F621C
                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6244
                                                                  • EnterCriticalSection.KERNEL32(?,00000001,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6268
                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62A9
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62B3
                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62DB
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterLeave
                                                                  • String ID:
                                                                  • API String ID: 3168844106-0
                                                                  • Opcode ID: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                                                  • Instruction ID: 143f1fb28292c6c8f5848ec82d72cb0c1768edffe3cb57bca7300ec5568bca4f
                                                                  • Opcode Fuzzy Hash: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                                                  • Instruction Fuzzy Hash: 2AA1113020430E8BC725DF349854BBBBBB9AF94304F15056EFA5687382DB79E809CB65
                                                                  Function 004D7EF0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 92COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • StartDocA.GDI32(?,00000000), ref: 004D7F29
                                                                  • GetDeviceCaps.GDI32(?,00000008), ref: 004D7F47
                                                                  • GetDeviceCaps.GDI32(?,0000000A), ref: 004D7F55
                                                                  • LPtoDP.GDI32(00000000,00000002), ref: 004D7F83
                                                                  • GetDeviceCaps.GDI32(00000000,0000006E), ref: 004D7FA0
                                                                  • GetDeviceCaps.GDI32(00000000,0000006F), ref: 004D7FAE
                                                                  • GetDeviceCaps.GDI32(00000000,00000058), ref: 004D7FBC
                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004D7FD2
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CapsDevice$Start
                                                                  • String ID: portrait
                                                                  • API String ID: 1738886688-2504013051
                                                                  • Opcode ID: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                                                  • Instruction ID: 78bfa520cedcb1c13f518f393ea8421dc938ea51f70754ce75912898c89e0c82
                                                                  • Opcode Fuzzy Hash: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                                                  • Instruction Fuzzy Hash: 7641DFB0604B109FC324DF2AD980A1AFBF5BF98710F108A1EE58A877A1D771E845CF91
                                                                  Function 004F7040 Relevance: 15.3, APIs: 10, Instructions: 296timeCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,00000000,?,00000000,00000000,?,004AC0BD,?,?), ref: 004F705A
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F7081
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F709A
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F70A3
                                                                  • timeGetTime.WINMM(00000000,00000000,00000000,00000000,?), ref: 004F7390
                                                                  • LeaveCriticalSection.KERNEL32(?,?), ref: 004F73D5
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$Leave$Enter$Timetime
                                                                  • String ID:
                                                                  • API String ID: 4022644143-0
                                                                  • Opcode ID: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                                                  • Instruction ID: 3d57daaa4b40982c2e4bbac1192c2a7fdd3e5fb289d79a2cbb097eeb1d58369f
                                                                  • Opcode Fuzzy Hash: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                                                  • Instruction Fuzzy Hash: 60A12B303083495BC7259F398890BBBBBE59F85700F04456EFA9AC7392DB6CE905D768
                                                                  Function 004F2A10 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 79timeCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,00000000,004F7352,?), ref: 004F2A19
                                                                  • timeGetTime.WINMM ref: 004F2A25
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F2A39
                                                                  • timeGetTime.WINMM(?), ref: 004F2A46
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F2AD7
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$LeaveTimetime$Enter
                                                                  • String ID: NetStream.Buffer.Empty$NetStream.Buffer.Full$status
                                                                  • API String ID: 2943255653-4242577526
                                                                  • Opcode ID: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                                                  • Instruction ID: adfbc573f46a5ae42de3eb127535f59d6c3a8125dfae6686c248f3bcdabba04f
                                                                  • Opcode Fuzzy Hash: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                                                  • Instruction Fuzzy Hash: 33217471740705ABD7308F14DD86B6BB7A4FB50B21F24462BF267966D0C7B4B8408754
                                                                  Function 004F3EC0 Relevance: 13.7, APIs: 9, Instructions: 245COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B64,00000002), ref: 004F3ED0
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F3EDE
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F3F20
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$Leave$Enter
                                                                  • String ID:
                                                                  • API String ID: 2978645861-0
                                                                  • Opcode ID: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                                                  • Instruction ID: 85195bc957575009e4a7604c5a43e45099f91f30af12cfc7e5b33174ac27f883
                                                                  • Opcode Fuzzy Hash: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                                                  • Instruction Fuzzy Hash: BF81C0316047494FC724DF39989057BB7F1AF853117148A2FE6A787B81DB38E805CB68
                                                                  Function 00401170 Relevance: 13.6, APIs: 9, Instructions: 124timeCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 00401181
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004011B1
                                                                  • timeGetTime.WINMM ref: 004011C5
                                                                  • timeGetTime.WINMM ref: 004011D5
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004011E3
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0040122A
                                                                  • timeGetTime.WINMM ref: 0040123E
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 00401261
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0040129E
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterLeaveTimetime
                                                                  • String ID:
                                                                  • API String ID: 3486229058-0
                                                                  • Opcode ID: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                                                  • Instruction ID: b4a63a4f06c8fcffd2d454e61e85ed039b73bf68413dd997414ba6e559c29426
                                                                  • Opcode Fuzzy Hash: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                                                  • Instruction Fuzzy Hash: 6641D6357003148FCB309F60E80466BB7F4AF6575470486AEE896BB3E1DB38EC459AA5
                                                                  Function 00411A80 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 394COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • InterlockedExchange.KERNEL32(00000020,00000000), ref: 00411B68
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: ExchangeInterlocked
                                                                  • String ID: GET$_bytesLoaded$_bytesTotal$_customHeaders$contentType$loaded
                                                                  • API String ID: 367298776-2876428247
                                                                  • Opcode ID: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                                                  • Instruction ID: 337a073203a489cf9af6a636d5e82807fd5ac3b12a53b57697a6972a4ae57270
                                                                  • Opcode Fuzzy Hash: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                                                  • Instruction Fuzzy Hash: F6D126706047056BC714EF65D842AABB7E5BF88304F404A2EFA4687392EB38F945C799
                                                                  Function 004F34D0 Relevance: 11.4, APIs: 9, Instructions: 158COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,004F5BA3,00000000), ref: 004F34EA
                                                                  • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3537
                                                                  • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3545
                                                                  • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3556
                                                                  • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F355F
                                                                  • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3594
                                                                  • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F359D
                                                                  • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36AD
                                                                  • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36BB
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$Enter$Leave
                                                                  • String ID:
                                                                  • API String ID: 2801635615-0
                                                                  • Opcode ID: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                                                  • Instruction ID: 93c01fc31a9ee7373f9c1d93048bf40271cec5808ab28bfcb2eca2428eaae834
                                                                  • Opcode Fuzzy Hash: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                                                  • Instruction Fuzzy Hash: 1F51BE3020474A9BD7249F319558BBBBBF8AF84742F04485EE5DEC3361DB28EA08C724
                                                                  Function 004F36F0 Relevance: 11.3, APIs: 9, Instructions: 87COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?), ref: 004F3709
                                                                  • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F374C
                                                                  • LeaveCriticalSection.KERNEL32(?,?), ref: 004F375C
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F376D
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F377A
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F37A9
                                                                  • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F37C5
                                                                  • LeaveCriticalSection.KERNEL32(?,?), ref: 004F37D5
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F37EC
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$Leave$Enter
                                                                  • String ID:
                                                                  • API String ID: 2978645861-0
                                                                  • Opcode ID: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                                                  • Instruction ID: 1822ab8b2bc00c4b335a7296647f06df4fe24da2c1cedc303b1505dbbb5a7089
                                                                  • Opcode Fuzzy Hash: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                                                  • Instruction Fuzzy Hash: 2831D1B11087894BC610AF35A9807EBFBF8BF89714F04499DE5E953251C734AA1DC726
                                                                  Function 004D7D40 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 102networkCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: gethostbynamehtonlhtonsinet_addr
                                                                  • String ID: localhost
                                                                  • API String ID: 4009071410-2663516195
                                                                  • Opcode ID: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                                                  • Instruction ID: cf482c115b2fa46a5b5609c5aae3d134ea41c2cdeafd480f3feffcf81808ee73
                                                                  • Opcode Fuzzy Hash: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                                                  • Instruction Fuzzy Hash: 9131ED30208311ABDB20DF249C85BBBB7E5FF95710F004A1EF9559B381E7719948C7A6
                                                                  Function 004144DE Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 324timeCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • timeGetTime.WINMM(00000000), ref: 004145E1
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: Timetime
                                                                  • String ID: gfff$gfff$gfff$gfff
                                                                  • API String ID: 17336451-2178600047
                                                                  • Opcode ID: a6eb4a1a4bf024f16c397edd5e841aed2049ab2de515439dd25e44f6491a1c28
                                                                  • Instruction ID: e32ce3efbecf0e845fb5c017bd6949167df468d5a0ad1b28c98723774e94ba96
                                                                  • Opcode Fuzzy Hash: a6eb4a1a4bf024f16c397edd5e841aed2049ab2de515439dd25e44f6491a1c28
                                                                  • Instruction Fuzzy Hash: 79C17E313046059BD718DF15C494BEA77A6BFC8704F18856EE8498F382CB79ED42CB9A
                                                                  Function 004D8B00 Relevance: 9.1, APIs: 6, Instructions: 53sleepCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • timeKillEvent.WINMM(?), ref: 004D8B13
                                                                  • Sleep.KERNEL32(00000001,?,0041D4A9), ref: 004D8B2D
                                                                  • waveOutReset.WINMM(?,?,0041D4A9), ref: 004D8B34
                                                                  • waveOutUnprepareHeader.WINMM(?,-000013C4,00000020,?,?,0041D4A9), ref: 004D8B5A
                                                                  • Sleep.KERNEL32(00000001,?,?,0041D4A9), ref: 004D8B63
                                                                  • waveOutClose.WINMM(?,?,0041D4A9), ref: 004D8B86
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: wave$Sleep$CloseEventHeaderKillResetUnpreparetime
                                                                  • String ID:
                                                                  • API String ID: 3030913982-0
                                                                  • Opcode ID: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                                                  • Instruction ID: 723e303dfaa0e6e3e16fcc3d7d301ea8209cd941138754b25ec6b12d62c8e06b
                                                                  • Opcode Fuzzy Hash: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                                                  • Instruction Fuzzy Hash: 0401ADB5A00214ABC3149F14EC88AAEB7F8FB98B11F00091BF41497301CB79A9598BF5
                                                                  Function 004CF830 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 160fileCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000,?,?,?,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF94E
                                                                  • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,-00000001,00000000,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF99D
                                                                  • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000), ref: 004CF9BF
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CreateFile
                                                                  • String ID: \\?\
                                                                  • API String ID: 823142352-4282027825
                                                                  • Opcode ID: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                                                  • Instruction ID: d900b4c61e2357813c95f9d4093febd61d3ae0210469f6574eac6d9984f09979
                                                                  • Opcode Fuzzy Hash: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                                                  • Instruction Fuzzy Hash: A141C2B5904300BBEB50EB21DC86F1B77A9EB89348F24092EF54597381D63DDC48C7A6
                                                                  Function 004DD6F0 Relevance: 8.8, APIs: 7, Instructions: 54COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,00000000,?,?,004DDFDB,000000FF,00000001,004DE7BA), ref: 004DD6FC
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004DD71E
                                                                    • Part of subcall function 004FA760: EnterCriticalSection.KERNEL32(?,?,00000000,7750E820,?,004DD732), ref: 004FA76A
                                                                    • Part of subcall function 004FA760: LeaveCriticalSection.KERNEL32(?), ref: 004FA77A
                                                                    • Part of subcall function 004DC9A0: EnterCriticalSection.KERNEL32 ref: 004DCA0C
                                                                    • Part of subcall function 004DC9A0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 004DCA1D
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004DD741
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004DD744
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004DD74C
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004DD771
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004DD774
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$Leave$Enter
                                                                  • String ID:
                                                                  • API String ID: 2978645861-0
                                                                  • Opcode ID: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                                                  • Instruction ID: 32add75de912499d63db8df7e296ef1919b4cd71e3024a8d459c2c8f380e6b48
                                                                  • Opcode Fuzzy Hash: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                                                  • Instruction Fuzzy Hash: 59012975302A155FD324EB2ADC90B6BE3F9AF91354F00842FE546C3750CB64FC058AA9
                                                                  Function 004D8640 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • CreateWindowExA.USER32(00000000,STATIC,Dummy,80000000,00000000,00000000,00000005,00000005,00000000,00000000,00000000,00000000), ref: 004D866B
                                                                  • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 004D8683
                                                                  • SetWindowLongA.USER32(?,000000FC,004D8520), ref: 004D8690
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: Window$Long$Create
                                                                  • String ID: Dummy$STATIC
                                                                  • API String ID: 1733017098-132613206
                                                                  • Opcode ID: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                                                  • Instruction ID: 60c9263fdfddd51d1a46959990d996e43c4a0f9c9599785539e6d357df671051
                                                                  • Opcode Fuzzy Hash: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                                                  • Instruction Fuzzy Hash: 35F0303138471076E630A66ABC06F57B6EC9B59F31F21071AB319F76E0DAE0F8004A2C
                                                                  Function 004F5A70 Relevance: 7.6, APIs: 6, Instructions: 129COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,00000010,?,00000000,00000000,004EF87C,?,?,004AC02B,?,?), ref: 004F5A80
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F5A8A
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F5B2E
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F5B3D
                                                                  • EnterCriticalSection.KERNEL32(?,00000002), ref: 004F5B78
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F5B8A
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterLeave
                                                                  • String ID:
                                                                  • API String ID: 3168844106-0
                                                                  • Opcode ID: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                                                  • Instruction ID: 42192e3c7faa4449eaa7148df56c5331408008ed83f87a65c0d534a8c29348b8
                                                                  • Opcode Fuzzy Hash: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                                                  • Instruction Fuzzy Hash: EE41B634300B0D5BD7259F319894BBB77A9AF80704F08415EEB6A8B392DB18FC15D768
                                                                  Function 004F26C0 Relevance: 7.6, APIs: 5, Instructions: 84timeCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • timeGetTime.WINMM(?,?,?,?,?,?), ref: 004F274C
                                                                  • EnterCriticalSection.KERNEL32(?,00000000,?,?,?), ref: 004F277D
                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 004F2787
                                                                  • timeGetTime.WINMM(?,?), ref: 004F2792
                                                                  • timeGetTime.WINMM(?,?,?,?,?), ref: 004F27C6
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: Timetime$CriticalSection$EnterLeave
                                                                  • String ID:
                                                                  • API String ID: 1404962471-0
                                                                  • Opcode ID: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                                                  • Instruction ID: 9d8894fa7cd5c1a3a8d1574b016894ebc4e8e1121a62fd2c9071eafdbb47ea2c
                                                                  • Opcode Fuzzy Hash: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                                                  • Instruction Fuzzy Hash: B531BC35208B049BC314DF25E9956ABB7F1FFC9720F148A2DE4EA83390DB34A419CB56
                                                                  Function 005293B0 Relevance: 7.6, APIs: 5, Instructions: 77sleepCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 00529421
                                                                  • Sleep.KERNEL32(00000000,?,08000041,?,?,00529592,?,?), ref: 00529431
                                                                  • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 0052943A
                                                                  • InterlockedExchange.KERNEL32(00000378,00000000), ref: 0052944F
                                                                  • __aulldiv.LIBCMT ref: 0052947B
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: ExchangeInterlocked$Compare$Sleep__aulldiv
                                                                  • String ID:
                                                                  • API String ID: 1430435781-0
                                                                  • Opcode ID: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                                                  • Instruction ID: c7c6432b147b16162d76303af8a74e071e756cb34c164aed74e4a8b1f06fd785
                                                                  • Opcode Fuzzy Hash: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                                                  • Instruction Fuzzy Hash: 9C215AB15007409FD7219F2A9844A67FEFCFFA1705F10851FA45A873A1D7B4A904CB64
                                                                  Function 004F5CB0 Relevance: 7.6, APIs: 6, Instructions: 69COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterLeave
                                                                  • String ID:
                                                                  • API String ID: 3168844106-0
                                                                  • Opcode ID: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                                                  • Instruction ID: 3111dceef54b192a201187cebb12310cd19e01e5115420dd7c98ed3fae01612e
                                                                  • Opcode Fuzzy Hash: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                                                  • Instruction Fuzzy Hash: 2921A73520174A4BD710AF66E888BFFB7B8EB60305F00852FEB4643251C779A84ADB64
                                                                  Function 004D8010 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • CreateSolidBrush.GDI32(?), ref: 004D802E
                                                                  • SelectObject.GDI32(?,00000000), ref: 004D8044
                                                                  • FillRect.USER32(?,?,00000000), ref: 004D8067
                                                                  • SelectObject.GDI32(?,00000000), ref: 004D8075
                                                                  • DeleteObject.GDI32(00000000), ref: 004D8078
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: Object$Select$BrushCreateDeleteFillRectSolid
                                                                  • String ID:
                                                                  • API String ID: 3777265051-0
                                                                  • Opcode ID: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                                                  • Instruction ID: d8a686452ba02d7e488f009474b8275e6b936404318e954abf19810798465268
                                                                  • Opcode Fuzzy Hash: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                                                  • Instruction Fuzzy Hash: 76019A752042046FC304DB69ED88C6B7BF8EACD614B000A5DFA8983312E635E806DB71
                                                                  Function 004E4660 Relevance: 7.5, APIs: 5, Instructions: 47COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E468C
                                                                  • LeaveCriticalSection.KERNEL32(?,0041D485), ref: 004E46A2
                                                                  • DeleteCriticalSection.KERNEL32(?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D0
                                                                  • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D9
                                                                  • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46E6
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$Delete$EnterLeave
                                                                  • String ID:
                                                                  • API String ID: 3104255891-0
                                                                  • Opcode ID: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                                                  • Instruction ID: c031ed0988ac34fb64eb35ca7992c3622ed3d26c78e5592643255ae209dbdd49
                                                                  • Opcode Fuzzy Hash: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                                                  • Instruction Fuzzy Hash: D101D4B750060C5BC2106B35EC81BAF73A8AFC4214F05051EF54F93241DA68B8088BA1
                                                                  Function 004CFD10 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 112COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • GetFileAttributesExA.KERNEL32(?,00000000,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?), ref: 004CFE0F
                                                                    • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                                                  • GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852), ref: 004CFDAF
                                                                  • GetFileAttributesExA.KERNEL32(00000000,00000000,?,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?,00000000), ref: 004CFDED
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: AttributesFile$Version
                                                                  • String ID: \\?\
                                                                  • API String ID: 3849939888-4282027825
                                                                  • Opcode ID: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                                                  • Instruction ID: f991edffad243b4bd670aca913d189ed867c40d808b57564552852d0b3f79ee3
                                                                  • Opcode Fuzzy Hash: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                                                  • Instruction Fuzzy Hash: 6431277A90031067D710AA65AC42FEB73995F85704F54042FF90687352EB6D9C0EC2EA
                                                                  Function 004FA670 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 004FA67B
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004FA749
                                                                    • Part of subcall function 004F9B30: EnterCriticalSection.KERNEL32(?,00000000,?,004FA7A6,?,?,7750FFB0), ref: 004F9B35
                                                                    • Part of subcall function 004F9B30: LeaveCriticalSection.KERNEL32(?), ref: 004F9B84
                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000100,00000000,00000000,?), ref: 004FA715
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterLeave$ByteCharMultiWide
                                                                  • String ID: FriendlyName
                                                                  • API String ID: 904232820-3623505368
                                                                  • Opcode ID: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                                                  • Instruction ID: 4f25218f4a75fa1caa45750efdb6ff353ea89136e06b91a5ad3ed6f7a0914714
                                                                  • Opcode Fuzzy Hash: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                                                  • Instruction Fuzzy Hash: 9A212A75244301AFD220EB54DC49F5BB7F8BF88714F008A1DFA899B290D774F8098BA6
                                                                  Function 004CAB90 Relevance: 6.2, APIs: 4, Instructions: 211COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 004CADB4
                                                                  • CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 004CADC8
                                                                  • GetObjectA.GDI32(00000000,00000018,?), ref: 004CADD8
                                                                  • DeleteDC.GDI32(00000000), ref: 004CADFF
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: Create$CompatibleDeleteObjectSection
                                                                  • String ID:
                                                                  • API String ID: 3137390749-0
                                                                  • Opcode ID: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                                                  • Instruction ID: ec125f8efd539a004f5243cd975522e641b23088832de904e1665531ca55df12
                                                                  • Opcode Fuzzy Hash: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                                                  • Instruction Fuzzy Hash: 2981AFB56043458FC324CF29D484A67FBF1BF98314F148A6ED58A87712D334E989CBA6
                                                                  Function 0052AFD0 Relevance: 6.1, APIs: 4, Instructions: 69COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • QueryPerformanceCounter.KERNEL32 ref: 0052AFF0
                                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 0052B016
                                                                    • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C25F
                                                                    • Part of subcall function 0040C250: Sleep.KERNEL32(00000000,?,?,0052B390,?,004012F9,00000008), ref: 0040C272
                                                                    • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C279
                                                                  • InterlockedExchange.KERNEL32(?,00000000), ref: 0052B050
                                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 0052B05B
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CounterExchangeInterlockedPerformanceQuery$Compare$Sleep
                                                                  • String ID:
                                                                  • API String ID: 188302963-0
                                                                  • Opcode ID: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                                                  • Instruction ID: 331ae7ec3883c6fb41667714d1c2397b805b788a0704fbfdebc2abdcd4384ec1
                                                                  • Opcode Fuzzy Hash: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                                                  • Instruction Fuzzy Hash: 19212A75604712ABC318DF65D884A9AF7E8BF89300F040A1DE85993780D734F918CBA2
                                                                  Function 004E5C20 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 61COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                    • Part of subcall function 004E4850: waveInGetNumDevs.WINMM(defaultmicrophone,00000000,?,00000000,?,?,?,?,004E8459,?,?,?,?,?,?,?), ref: 004E489B
                                                                    • Part of subcall function 004E4C80: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C7E,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E4C8A
                                                                    • Part of subcall function 004E4C80: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E4CD7
                                                                    • Part of subcall function 004E3860: EnterCriticalSection.KERNEL32(?,00000000,?,004E5C91,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E3868
                                                                    • Part of subcall function 004E3860: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E388F
                                                                    • Part of subcall function 004E5B40: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C9B,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?), ref: 004E5B4C
                                                                    • Part of subcall function 004E5B40: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5B71
                                                                  • EnterCriticalSection.KERNEL32(00000004,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E5CA2
                                                                  • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5CB2
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterLeave$Devswave
                                                                  • String ID: echosuppression$gain
                                                                  • API String ID: 967401230-1829011300
                                                                  • Opcode ID: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                                                  • Instruction ID: eec625d20ecc8ac728587d7ca18c0fda910ff7f544bd80cb39fcd025b5d808b6
                                                                  • Opcode Fuzzy Hash: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                                                  • Instruction Fuzzy Hash: 4C118E35700B449BC711EB67C9A1A2BB3B9BF8871AB15049EE5464B741CB24FC02CBA4
                                                                  Function 00509EC0 Relevance: 6.1, APIs: 4, Instructions: 61COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                    • Part of subcall function 0050B060: CreateEventA.KERNEL32(00000000,?,00000000,00000000,00000000,00509F02,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E), ref: 0050B06E
                                                                  • InitializeCriticalSection.KERNEL32(0000007C,00000001,00000001,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E,00549D98,?,?), ref: 00509F34
                                                                  • InitializeCriticalSection.KERNEL32(00000094,?,?,?,?,?,?,?,?,7750FFB0), ref: 00509F3D
                                                                  • InitializeCriticalSection.KERNEL32 ref: 00509F6E
                                                                  • SetEvent.KERNEL32 ref: 00509F74
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalInitializeSection$Event$Create
                                                                  • String ID:
                                                                  • API String ID: 662013055-0
                                                                  • Opcode ID: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                                                  • Instruction ID: a00b6d7b902e657a52a59b9571d5736a80dfe09fbfe7896e9036a1fe9281f1e6
                                                                  • Opcode Fuzzy Hash: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                                                  • Instruction Fuzzy Hash: 9B21C4B1540B049FE320DF6AD884A9BFBE8FF94704F00490EE1AA83661D7B1B405CB61
                                                                  Function 004D2AA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 004D2AB9
                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 004D2B3D
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CompatibleCreateDirectorySystem
                                                                  • String ID: Macromed\Flash\
                                                                  • API String ID: 2606042488-1438515271
                                                                  • Opcode ID: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                                                  • Instruction ID: 299e9cb63676f09c6c690dce7675c16131e739682a5e940449f79e26451de6f9
                                                                  • Opcode Fuzzy Hash: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                                                  • Instruction Fuzzy Hash: 8F118A711047016FC704EF21EC52AAF77E4BF98704F40491EF19943281DB78A908CFAA
                                                                  Function 004F2BF0 Relevance: 5.1, APIs: 4, Instructions: 99COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B22,00000001,000000FF), ref: 004F2BFE
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F2C88
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F2CCE
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F2CF1
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$Leave$Enter
                                                                  • String ID:
                                                                  • API String ID: 2978645861-0
                                                                  • Opcode ID: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                                                  • Instruction ID: d821757bbb06b5f881817bb4be3b83133dcd2ebdcf47b2e92145d0cebd45ebc1
                                                                  • Opcode Fuzzy Hash: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                                                  • Instruction Fuzzy Hash: D631D2762042854FD3248F29D898A3BBBF5EFD9351F19856EE696C7381C779D808C720
                                                                  Function 004F64A0 Relevance: 5.0, APIs: 4, Instructions: 45COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,004F7247,?), ref: 004F64C1
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F64E6
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F64EC
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F6515
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterLeave
                                                                  • String ID:
                                                                  • API String ID: 3168844106-0
                                                                  • Opcode ID: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                                                  • Instruction ID: c39e4b2d7a975ea5970b06f88a1f0ae82272a8bb6f48ad921d14b69448efe04b
                                                                  • Opcode Fuzzy Hash: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                                                  • Instruction Fuzzy Hash: FC0188352003485BC714EF24D880A77F3A9AF46258B19559DE5C657342CA39EC06CBA4
                                                                  Function 00401380 Relevance: 5.0, APIs: 4, Instructions: 39COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 0040139D
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004013B3
                                                                  • EnterCriticalSection.KERNEL32(00000005), ref: 004013CA
                                                                  • LeaveCriticalSection.KERNEL32(00000005), ref: 004013D8
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1615903771.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1615689765.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616240290.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616265591.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616325260.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616360551.0000000000674000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616406724.00000000006E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616422563.00000000006EA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616440243.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616489797.00000000006F9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616581930.0000000000700000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616601270.0000000000703000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616657313.0000000000709000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616753013.000000000070E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616877173.000000000073C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000000.00000002.1616904753.000000000073F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterLeave
                                                                  • String ID:
                                                                  • API String ID: 3168844106-0
                                                                  • Opcode ID: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                                                  • Instruction ID: 1dc668918495c93d19b35d2f921703afc781594381be1afc9f76799b5a6aac2f
                                                                  • Opcode Fuzzy Hash: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                                                  • Instruction Fuzzy Hash: 280112B620070AAFC310CF69D884946FBF8FFA8314B10C55AE95983711C771F956CBA0

                                                                  Executed Functions

                                                                  Function 007A9098 Relevance: 2.7, APIs: 2, Instructions: 163memoryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007A90C1
                                                                  • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007A926D
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000003.1580553327.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_3_770000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: Virtual$AllocFree
                                                                  • String ID:
                                                                  • API String ID: 2087232378-0
                                                                  • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                  • Instruction ID: 3da77de92bf0c33bc52e49a700e110508d5e24bdc964440293630acdd4b79e25
                                                                  • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                  • Instruction Fuzzy Hash: 9E719C71D0424ADFCB41CF98C881BEEBBF0BB4A314F244195E665F7281D238AA91DF65
                                                                  Function 007A92CC Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129memoryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 007A9314
                                                                    • Part of subcall function 007A9098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007A90C1
                                                                    • Part of subcall function 007A9098: VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007A926D
                                                                  • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 007A9366
                                                                  • VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 007A93C0
                                                                  • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 007A93F3
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000003.1580553327.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_3_770000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: Virtual$Alloc$Free$Protect
                                                                  • String ID: ,
                                                                  • API String ID: 1004437363-3772416878
                                                                  • Opcode ID: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                                                  • Instruction ID: fdc3e14bfe8bd98f10242a0524754a491cccef1a7c378bc05cf1da2b973c4246
                                                                  • Opcode Fuzzy Hash: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                                                  • Instruction Fuzzy Hash: 0E51F975900709EFCB10DFA9C885A9EBBF4FF49344F10851AFA59A7240D374E951CBA4
                                                                  Function 007A0BA2 Relevance: 7.7, APIs: 5, Instructions: 197COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000003.1580553327.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_3_770000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: __freea$__alloca_probe_16
                                                                  • String ID:
                                                                  • API String ID: 3509577899-0
                                                                  • Opcode ID: ce9059a0f54269a3e857cd05decacb9db5d80458a844bd6716999fbfe2567560
                                                                  • Instruction ID: fd6922cf7a80161dd0570e670522332710b0b795b89aff0777e773291c4cc3ee
                                                                  • Opcode Fuzzy Hash: ce9059a0f54269a3e857cd05decacb9db5d80458a844bd6716999fbfe2567560
                                                                  • Instruction Fuzzy Hash: 34519373700606AFEB215FA4CC89EBB7BA9DFC6710B150B29FD0496151E738ED5086A1
                                                                  Function 007A1748 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • RtlAllocateHeap.NTDLL(00000008,00000000,00000000,?,007A12D6,00000001,00000364,00000000,?,000000FF,?,007A44E3,?,?,00000000), ref: 007A1789
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000003.1580553327.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_3_770000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: AllocateHeap
                                                                  • String ID:
                                                                  • API String ID: 1279760036-0
                                                                  • Opcode ID: 0596b3e3bb4ee076d882318f24e778a83a401db1bf84a202353ae450301ec008
                                                                  • Instruction ID: 154d7c5781bc45dc2e1e534129e35c8708544993023084300fd8ef5a2906b620
                                                                  • Opcode Fuzzy Hash: 0596b3e3bb4ee076d882318f24e778a83a401db1bf84a202353ae450301ec008
                                                                  • Instruction Fuzzy Hash: 77F0E931600234AAFB612A329C49B7B37489FC37B0F549312FC189A090EA2CDC0046E4
                                                                  Function 007A3D41 Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • LCMapStringEx.KERNELBASE(?,007A0C92,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 007A3D75
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000003.1580553327.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_3_770000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: String
                                                                  • String ID:
                                                                  • API String ID: 2568140703-0
                                                                  • Opcode ID: d727af7c0b24174baf6674acea18e18495a24099b1991f5a4d4d2d4c43d856f5
                                                                  • Instruction ID: f5da0ac4411f4585a45001adfe7889a157d9ede36c0b1885ca72ad1c5d438d21
                                                                  • Opcode Fuzzy Hash: d727af7c0b24174baf6674acea18e18495a24099b1991f5a4d4d2d4c43d856f5
                                                                  • Instruction Fuzzy Hash: D2F07A3650021EFBCF126F90DC09DDE3F26EF89360F058211FA1825020C73AC931AB90
                                                                  Function 0079BEFA Relevance: 1.3, APIs: 1, Instructions: 86COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • VirtualFree.KERNELBASE(?,00000000,?), ref: 0079BFCE
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000003.1580553327.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_3_770000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: FreeVirtual
                                                                  • String ID:
                                                                  • API String ID: 1263568516-0
                                                                  • Opcode ID: 690d0b966addc1296c1a84957827a07f248c1aeee82d1611503b10e66bc6485d
                                                                  • Instruction ID: 1fc4dd6c3aeaaee0817216e36ba63e5b521813be904bdd1d1e2e3dac9636e59c
                                                                  • Opcode Fuzzy Hash: 690d0b966addc1296c1a84957827a07f248c1aeee82d1611503b10e66bc6485d
                                                                  • Instruction Fuzzy Hash: BA312871900209AFCB10DFA9ED80BAEBBF5FF48710F10802AE559AB250D779A905CF94
                                                                  Function 0079BC80 Relevance: 1.3, APIs: 1, Instructions: 30COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • CloseHandle.KERNELBASE(00000000), ref: 0079BCC7
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000003.1580553327.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_3_770000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CloseHandle
                                                                  • String ID:
                                                                  • API String ID: 2962429428-0
                                                                  • Opcode ID: 2b98aa5a84afd173d90c2bfe6f1fcf2b928bb24c025f6a62b163b41e7890a4c3
                                                                  • Instruction ID: f5ba4a2137a67daeb2fbb8b41962ef0f6117c7a666148d136e8c43de06cc210a
                                                                  • Opcode Fuzzy Hash: 2b98aa5a84afd173d90c2bfe6f1fcf2b928bb24c025f6a62b163b41e7890a4c3
                                                                  • Instruction Fuzzy Hash: F7E06DB5901622BB97112B20BE09E7B766CEF927413048525FA24E2240DF38DC11C6B5

                                                                  Non-executed Functions

                                                                  Function 004D9AB0 Relevance: 22.6, APIs: 15, Instructions: 136clipboardmemoryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • GlobalAlloc.KERNEL32(00002002,00000002), ref: 004D9B06
                                                                  • GlobalLock.KERNEL32(00000000), ref: 004D9B17
                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 004D9B28
                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,00000000,00000000), ref: 004D9B51
                                                                  • GlobalAlloc.KERNEL32(00002002,00000001), ref: 004D9B61
                                                                  • GlobalLock.KERNEL32(00000000), ref: 004D9B70
                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 004D9B81
                                                                  • GlobalAlloc.KERNEL32(00002002,00000003,?,?,?,00000000,0040D599,00000000,00000000), ref: 004D9BB8
                                                                  • GlobalLock.KERNEL32(00000000), ref: 004D9BC5
                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 004D9BDB
                                                                  • OpenClipboard.USER32(00000000), ref: 004D9BEB
                                                                  • EmptyClipboard.USER32 ref: 004D9BF5
                                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 004D9C08
                                                                  • SetClipboardData.USER32(00000001,00000000), ref: 004D9C11
                                                                  • CloseClipboard.USER32 ref: 004D9C13
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: Global$Clipboard$AllocLockUnlock$Data$ByteCharCloseEmptyMultiOpenWide
                                                                  • String ID:
                                                                  • API String ID: 3392129136-0
                                                                  • Opcode ID: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                                                  • Instruction ID: e40826f6a6b6de4095afa5ba746f594757548e465f4129e7c784a6b23cc7d310
                                                                  • Opcode Fuzzy Hash: 6ce6bc6ff71d1a8c4d07697407ae3b5d450af23bfff1a9a29fd96cc425f21c01
                                                                  • Instruction Fuzzy Hash: 7A41F371104302ABE3111B61BC99B277BFCAFA1B04F09041BF986D7341DA69EC09D7BA
                                                                  Function 0079CDD5 Relevance: .1, Instructions: 147COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000003.1580553327.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_3_770000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ab678024b27634cae8f009ada00d78c64daba5d8a61eb3502b89817b54d872ca
                                                                  • Instruction ID: 20744ecfedf4c28fd76f74ea8c3d8a786a43a3a68d56d5ce4262764e8bcaaa8c
                                                                  • Opcode Fuzzy Hash: ab678024b27634cae8f009ada00d78c64daba5d8a61eb3502b89817b54d872ca
                                                                  • Instruction Fuzzy Hash: D2516CB1A122099FEF16CF59E9D17AEBBF1FB48310F14806AD405EB250D3789940CF51
                                                                  Function 007A9277 Relevance: .0, Instructions: 35COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000003.1580553327.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_3_770000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                  • Instruction ID: 3a0743dcc37270f94bbdfc13b256ffb0086501d309c9e3f5df53f5aed5376cb7
                                                                  • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                  • Instruction Fuzzy Hash: 66F06D79A00200EF8B24DF0AC548E95B7F6FBC6720B6546A5E504DB2A1D3B8ED54CBA0
                                                                  Function 004D7960 Relevance: 70.1, APIs: 20, Strings: 20, Instructions: 118COMMON
                                                                  Download Yara Rule
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: WSAAsyncGetHostByName$WSAAsyncSelect$WSACancelAsyncRequest$WSACleanup$WSAGetLastError$WSAStartup$WSOCK32.DLL$accept$bind$closesocket$connect$htonl$htons$inet_addr$listen$recv$recvfrom$send$sendto$socket
                                                                  • API String ID: 0-3677570488
                                                                  • Opcode ID: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                                                  • Instruction ID: 8c9ac86f1f98df4bb1f2f2f05f7a43d8bd4a8589446ea9a4d4fdb8b68f6288ad
                                                                  • Opcode Fuzzy Hash: 92a4acbc399bf9b3ce295a5f3de41989e4871b31030ec6fc55de6d5f39285aff
                                                                  • Instruction Fuzzy Hash: 5031DE71D523646AD7206BB9EC19DEF3EACFBB6704B510517F000972A0EAF88458AF94
                                                                  Function 004F4A60 Relevance: 43.9, APIs: 22, Strings: 7, Instructions: 376COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32 ref: 004F4A89
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4AFB
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4BF2
                                                                  • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F4CEA
                                                                  • LeaveCriticalSection.KERNEL32(?,?), ref: 004F4CFD
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4D17
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4D1A
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4D36
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4D5D
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4D66
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4D81
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4D87
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4DB6
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4DC0
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4E05
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4E11
                                                                  • LeaveCriticalSection.KERNEL32(?,00000000), ref: 004F4E7D
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4E9C
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4EB3
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4ED9
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F4EF4
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F4F06
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$Leave$Enter
                                                                  • String ID: NetStream.Play.Start$NetStream.Play.Stop$NetStream.Play.StreamNotFound$NetStream.Seek.InvalidTime$NetStream.Seek.Notify$error$status
                                                                  • API String ID: 2978645861-761530088
                                                                  • Opcode ID: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                                                  • Instruction ID: 162dc2aece2cb8deeda7270d3cf99ca9d96a23cce06d37320eaaf024755f17c1
                                                                  • Opcode Fuzzy Hash: 8031fb2b16cf08ebb29042ea612b824201a734ec780002ffcc35b8889f179ffa
                                                                  • Instruction Fuzzy Hash: C7E190352047459FD320DB34C845BABBBE1BF89714F04895DE9AA57382CB74F80ACB65
                                                                  Function 004D5D20 Relevance: 23.0, APIs: 4, Strings: 9, Instructions: 284COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • DestroyWindow.USER32(?,?,?,?,?), ref: 004D5D5F
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: DestroyWindow
                                                                  • String ID: D$FSCommand:$\fscommand$allowscale$exec$fullscreen$quit$showmenu$trapallkeys
                                                                  • API String ID: 3375834691-1928458085
                                                                  • Opcode ID: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                                                  • Instruction ID: 7647b0b3e504c4bbb0374484e0d8b702cf2a7569de5a553b4a60fd35f403e9ef
                                                                  • Opcode Fuzzy Hash: 651f01098ba612e2aa20b3cdcfc404e6a88be88dae9858ed9b192afdef851395
                                                                  • Instruction Fuzzy Hash: 27914C35504B015BCB24EF28EC617FBB791AFA6309F44451FE8888B341DB2A990BC7D9
                                                                  Function 004DB4E0 Relevance: 22.7, APIs: 15, Instructions: 180windowCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • GetWindowLongA.USER32(?,000000F0), ref: 004DB511
                                                                  • GetWindowRect.USER32(?,?), ref: 004DB531
                                                                  • GetClientRect.USER32(?,?), ref: 004DB541
                                                                  • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB55D
                                                                  • GetMenu.USER32(?), ref: 004DB581
                                                                  • SetMenu.USER32(?,00000000), ref: 004DB596
                                                                  • GetDesktopWindow.USER32 ref: 004DB5B0
                                                                  • GetWindowRect.USER32(00000000,?), ref: 004DB5BC
                                                                  • SetWindowPos.USER32(?,00000000,?,?,?,?,00000000,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB5E1
                                                                  • GetWindowLongA.USER32(?,000000F0), ref: 004DB604
                                                                  • SetWindowLongA.USER32(?,000000F0,?), ref: 004DB62A
                                                                  • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB66D
                                                                  • GetWindowRect.USER32(?,?), ref: 004DB6A5
                                                                  • GetClientRect.USER32(?,?), ref: 004DB6B7
                                                                  • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?,?,004D5D9E,00000000), ref: 004DB702
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: Window$Rect$Long$ClientMenuMove$Desktop
                                                                  • String ID:
                                                                  • API String ID: 3087884050-0
                                                                  • Opcode ID: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                                                  • Instruction ID: afb7dc4107877f96dc9ff69242aee4b267e14dc018c2a581ac30f1de2d6509eb
                                                                  • Opcode Fuzzy Hash: b644bd01d25a479bd3a154174cbb076086dd9edafcd01cccc19a768557d6cf23
                                                                  • Instruction Fuzzy Hash: 1C61F7756047009FE714CF79D888FA7B7E9EB98314F108A1EE5AA83344DE74B8088B65
                                                                  Function 004CFE40 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 164registryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFE8F
                                                                  • RegQueryValueExW.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFEC1
                                                                  • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFF52
                                                                  • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004CFF84
                                                                  • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,00000001,00000000), ref: 004CFFF3
                                                                  • RegQueryValueExA.ADVAPI32(?,AppData,00000000,?,?,?), ref: 004D0021
                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 004D0043
                                                                    • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: OpenQueryValue$CloseVersion
                                                                  • String ID: AppData$AppData$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                  • API String ID: 3944000476-502054578
                                                                  • Opcode ID: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                                                  • Instruction ID: f72081d33d1e3e5e856db847e9c33e0e25e3821136d69a0383b26c3c547fa845
                                                                  • Opcode Fuzzy Hash: 8db32938d79705165cc268b6cef819a2b1932c4d39244d564a2eda060a3e5bcd
                                                                  • Instruction Fuzzy Hash: 0151B2715087017BC725DB50EC95FAB73E8AF88754F00891EF98553381EAB9D80AC7AA
                                                                  Function 004F5FC0 Relevance: 17.8, APIs: 14, Instructions: 252COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F606E
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F608D
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6111
                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F611B
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F612B
                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6135
                                                                    • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                                    • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                                    • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                                    • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                                    • Part of subcall function 004F5CB0: EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                                    • Part of subcall function 004F5CB0: LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                                                  • EnterCriticalSection.KERNEL32(?,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F61D1
                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6212
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F621C
                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F6244
                                                                  • EnterCriticalSection.KERNEL32(?,00000001,00000002,?,?,00000000,?,?,?,?,?,?,004F732F,?), ref: 004F6268
                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62A9
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62B3
                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F62DB
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterLeave
                                                                  • String ID:
                                                                  • API String ID: 3168844106-0
                                                                  • Opcode ID: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                                                  • Instruction ID: 143f1fb28292c6c8f5848ec82d72cb0c1768edffe3cb57bca7300ec5568bca4f
                                                                  • Opcode Fuzzy Hash: 7e8666cb07b5cacadf35492099d50c0e827f2b9a1fadfb76ea06a7d0beb11ddf
                                                                  • Instruction Fuzzy Hash: 2AA1113020430E8BC725DF349854BBBBBB9AF94304F15056EFA5687382DB79E809CB65
                                                                  Function 004D7EF0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 92COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • StartDocA.GDI32(?,00000000), ref: 004D7F29
                                                                  • GetDeviceCaps.GDI32(?,00000008), ref: 004D7F47
                                                                  • GetDeviceCaps.GDI32(?,0000000A), ref: 004D7F55
                                                                  • LPtoDP.GDI32(00000000,00000002), ref: 004D7F83
                                                                  • GetDeviceCaps.GDI32(00000000,0000006E), ref: 004D7FA0
                                                                  • GetDeviceCaps.GDI32(00000000,0000006F), ref: 004D7FAE
                                                                  • GetDeviceCaps.GDI32(00000000,00000058), ref: 004D7FBC
                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004D7FD2
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CapsDevice$Start
                                                                  • String ID: portrait
                                                                  • API String ID: 1738886688-2504013051
                                                                  • Opcode ID: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                                                  • Instruction ID: 78bfa520cedcb1c13f518f393ea8421dc938ea51f70754ce75912898c89e0c82
                                                                  • Opcode Fuzzy Hash: 87bb50d4ff0b2b6bcd955025618aa84fe9db738b10e38e5fb2dd326402729996
                                                                  • Instruction Fuzzy Hash: 7641DFB0604B109FC324DF2AD980A1AFBF5BF98710F108A1EE58A877A1D771E845CF91
                                                                  Function 004F7040 Relevance: 15.3, APIs: 10, Instructions: 296timeCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,00000000,?,00000000,00000000,?,004AC0BD,?,?), ref: 004F705A
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F7081
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F709A
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F70A3
                                                                  • timeGetTime.WINMM(00000000,00000000,00000000,00000000,?), ref: 004F7390
                                                                  • LeaveCriticalSection.KERNEL32(?,?), ref: 004F73D5
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$Leave$Enter$Timetime
                                                                  • String ID:
                                                                  • API String ID: 4022644143-0
                                                                  • Opcode ID: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                                                  • Instruction ID: 3d57daaa4b40982c2e4bbac1192c2a7fdd3e5fb289d79a2cbb097eeb1d58369f
                                                                  • Opcode Fuzzy Hash: 619e67b58965c9b6edfd0f45f913366b2bb88d2215bcce8f286a8ccc74bc94e1
                                                                  • Instruction Fuzzy Hash: 60A12B303083495BC7259F398890BBBBBE59F85700F04456EFA9AC7392DB6CE905D768
                                                                  Function 004F2A10 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 79timeCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,00000000,004F7352,?), ref: 004F2A19
                                                                  • timeGetTime.WINMM ref: 004F2A25
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F2A39
                                                                  • timeGetTime.WINMM(?), ref: 004F2A46
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F2AD7
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$LeaveTimetime$Enter
                                                                  • String ID: NetStream.Buffer.Empty$NetStream.Buffer.Full$status
                                                                  • API String ID: 2943255653-4242577526
                                                                  • Opcode ID: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                                                  • Instruction ID: adfbc573f46a5ae42de3eb127535f59d6c3a8125dfae6686c248f3bcdabba04f
                                                                  • Opcode Fuzzy Hash: 2800b6424f4894067f550383054d91bd5e105dc9488e734664937b715ac8d418
                                                                  • Instruction Fuzzy Hash: 33217471740705ABD7308F14DD86B6BB7A4FB50B21F24462BF267966D0C7B4B8408754
                                                                  Function 004F3EC0 Relevance: 13.7, APIs: 9, Instructions: 245COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B64,00000002), ref: 004F3ED0
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F3EDE
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F3F20
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$Leave$Enter
                                                                  • String ID:
                                                                  • API String ID: 2978645861-0
                                                                  • Opcode ID: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                                                  • Instruction ID: 85195bc957575009e4a7604c5a43e45099f91f30af12cfc7e5b33174ac27f883
                                                                  • Opcode Fuzzy Hash: 34f8658622f1aa9e900f4973e8c3da322a382f9696d29d907fda60f1af10eeb7
                                                                  • Instruction Fuzzy Hash: BF81C0316047494FC724DF39989057BB7F1AF853117148A2FE6A787B81DB38E805CB68
                                                                  Function 00401170 Relevance: 13.6, APIs: 9, Instructions: 124timeCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 00401181
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004011B1
                                                                  • timeGetTime.WINMM ref: 004011C5
                                                                  • timeGetTime.WINMM ref: 004011D5
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004011E3
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0040122A
                                                                  • timeGetTime.WINMM ref: 0040123E
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 00401261
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0040129E
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterLeaveTimetime
                                                                  • String ID:
                                                                  • API String ID: 3486229058-0
                                                                  • Opcode ID: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                                                  • Instruction ID: b4a63a4f06c8fcffd2d454e61e85ed039b73bf68413dd997414ba6e559c29426
                                                                  • Opcode Fuzzy Hash: 5c08956a0c7860ec974705ddb8904b2646fc942159566fcab6cb5e79d3acde08
                                                                  • Instruction Fuzzy Hash: 6641D6357003148FCB309F60E80466BB7F4AF6575470486AEE896BB3E1DB38EC459AA5
                                                                  Function 00411A80 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 394COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • InterlockedExchange.KERNEL32(00000020,00000000), ref: 00411B68
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: ExchangeInterlocked
                                                                  • String ID: GET$_bytesLoaded$_bytesTotal$_customHeaders$contentType$loaded
                                                                  • API String ID: 367298776-2876428247
                                                                  • Opcode ID: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                                                  • Instruction ID: 337a073203a489cf9af6a636d5e82807fd5ac3b12a53b57697a6972a4ae57270
                                                                  • Opcode Fuzzy Hash: bc7a406daf2fbb0983bef868be79dd6fb756b60b2efaa2edd4b44b4e4be769b1
                                                                  • Instruction Fuzzy Hash: F6D126706047056BC714EF65D842AABB7E5BF88304F404A2EFA4687392EB38F945C799
                                                                  Function 0079E841 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • type_info::operator==.LIBVCRUNTIME ref: 0079E960
                                                                  • ___TypeMatch.LIBVCRUNTIME ref: 0079EA6E
                                                                  • _UnwindNestedFrames.LIBCMT ref: 0079EBC0
                                                                  • CallUnexpected.LIBVCRUNTIME ref: 0079EBDB
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000003.1580553327.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_3_770000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                  • String ID: csm$csm$csm
                                                                  • API String ID: 2751267872-393685449
                                                                  • Opcode ID: 239a4af11f55f81595298fdd8f27fa6654470999d4af52818c577849b92c20b2
                                                                  • Instruction ID: f9205ae31db05b9c3e77d0985b0ed2a32128f774b51f4989d9f1137d4a0a37b6
                                                                  • Opcode Fuzzy Hash: 239a4af11f55f81595298fdd8f27fa6654470999d4af52818c577849b92c20b2
                                                                  • Instruction Fuzzy Hash: A3B15C71800209EFCF29DFA4E8859AEBBB5FF14310F14455AE815AB212D739EE51CF92
                                                                  Function 004F34D0 Relevance: 11.4, APIs: 9, Instructions: 158COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,004F5BA3,00000000), ref: 004F34EA
                                                                  • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3537
                                                                  • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3545
                                                                  • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3556
                                                                  • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F355F
                                                                  • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F3594
                                                                  • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F359D
                                                                  • EnterCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36AD
                                                                  • LeaveCriticalSection.KERNEL32(?,?,004F5BA3,00000000), ref: 004F36BB
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$Enter$Leave
                                                                  • String ID:
                                                                  • API String ID: 2801635615-0
                                                                  • Opcode ID: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                                                  • Instruction ID: 93c01fc31a9ee7373f9c1d93048bf40271cec5808ab28bfcb2eca2428eaae834
                                                                  • Opcode Fuzzy Hash: 2acf0627a9549dec7f7e43e10a8dfb91ca38bb9d58e4ce9ffdfa8fec1b5a1733
                                                                  • Instruction Fuzzy Hash: 1F51BE3020474A9BD7249F319558BBBBBF8AF84742F04485EE5DEC3361DB28EA08C724
                                                                  Function 004F36F0 Relevance: 11.3, APIs: 9, Instructions: 87COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?), ref: 004F3709
                                                                  • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F374C
                                                                  • LeaveCriticalSection.KERNEL32(?,?), ref: 004F375C
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F376D
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F377A
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F37A9
                                                                  • EnterCriticalSection.KERNEL32(?,00000000), ref: 004F37C5
                                                                  • LeaveCriticalSection.KERNEL32(?,?), ref: 004F37D5
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F37EC
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$Leave$Enter
                                                                  • String ID:
                                                                  • API String ID: 2978645861-0
                                                                  • Opcode ID: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                                                  • Instruction ID: 1822ab8b2bc00c4b335a7296647f06df4fe24da2c1cedc303b1505dbbb5a7089
                                                                  • Opcode Fuzzy Hash: 318028bd3e644244c467fd2509390a4b47584e5d5e6a88b99469994f74e86a6d
                                                                  • Instruction Fuzzy Hash: 2831D1B11087894BC610AF35A9807EBFBF8BF89714F04499DE5E953251C734AA1DC726
                                                                  Function 0079D940 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • _ValidateLocalCookies.LIBCMT ref: 0079D977
                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 0079D97F
                                                                  • _ValidateLocalCookies.LIBCMT ref: 0079DA08
                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 0079DA33
                                                                  • _ValidateLocalCookies.LIBCMT ref: 0079DA88
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000003.1580553327.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_3_770000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                  • String ID: csm
                                                                  • API String ID: 1170836740-1018135373
                                                                  • Opcode ID: 37b7ffcd75580574b2bed498a0d55029e147ec6556988c79b4e43bfdd644b3e9
                                                                  • Instruction ID: e60fa94935fac86d4f2411bee0f06bae9fa08a52f082d528d61211fb7b327bd8
                                                                  • Opcode Fuzzy Hash: 37b7ffcd75580574b2bed498a0d55029e147ec6556988c79b4e43bfdd644b3e9
                                                                  • Instruction Fuzzy Hash: 8B41D634A04208DFCF20DF68E885A9E7BB5FF45324F14C155E9196B392D739AD11CB91
                                                                  Function 004D7D40 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 102COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: localhost
                                                                  • API String ID: 0-2663516195
                                                                  • Opcode ID: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                                                  • Instruction ID: cf482c115b2fa46a5b5609c5aae3d134ea41c2cdeafd480f3feffcf81808ee73
                                                                  • Opcode Fuzzy Hash: a84127021668ac66c92549beb1820c1694ea4c36d481015665288550d8e57417
                                                                  • Instruction Fuzzy Hash: 9131ED30208311ABDB20DF249C85BBBB7E5FF95710F004A1EF9559B381E7719948C7A6
                                                                  Function 004144DE Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 324timeCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • timeGetTime.WINMM(00000000), ref: 004145E1
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: Timetime
                                                                  • String ID: gfff$gfff$gfff$gfff
                                                                  • API String ID: 17336451-2178600047
                                                                  • Opcode ID: 36ada0748ce7ae867fc8d0b968c8e92e83edef51ded80e37bf17f681d92f4674
                                                                  • Instruction ID: e32ce3efbecf0e845fb5c017bd6949167df468d5a0ad1b28c98723774e94ba96
                                                                  • Opcode Fuzzy Hash: 36ada0748ce7ae867fc8d0b968c8e92e83edef51ded80e37bf17f681d92f4674
                                                                  • Instruction Fuzzy Hash: 79C17E313046059BD718DF15C494BEA77A6BFC8704F18856EE8498F382CB79ED42CB9A
                                                                  Function 004D8B00 Relevance: 9.1, APIs: 6, Instructions: 53sleepCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • timeKillEvent.WINMM(?,?,?,00000000,?,0041D4A9), ref: 004D8B13
                                                                  • Sleep.KERNEL32(00000001,?,0041D4A9), ref: 004D8B2D
                                                                  • waveOutReset.WINMM(?,?,0041D4A9), ref: 004D8B34
                                                                  • waveOutUnprepareHeader.WINMM(?,-000013C4,00000020,?,?,0041D4A9), ref: 004D8B5A
                                                                  • Sleep.KERNEL32(00000001,?,?,0041D4A9), ref: 004D8B63
                                                                  • waveOutClose.WINMM(?,?,0041D4A9), ref: 004D8B86
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: wave$Sleep$CloseEventHeaderKillResetUnpreparetime
                                                                  • String ID:
                                                                  • API String ID: 3030913982-0
                                                                  • Opcode ID: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                                                  • Instruction ID: 723e303dfaa0e6e3e16fcc3d7d301ea8209cd941138754b25ec6b12d62c8e06b
                                                                  • Opcode Fuzzy Hash: 8109bb966e39f4028d6bd6d558cf8393c4574c35e2cabacb2eafa3e008f2b1ca
                                                                  • Instruction Fuzzy Hash: 0401ADB5A00214ABC3149F14EC88AAEB7F8FB98B11F00091BF41497301CB79A9598BF5
                                                                  Function 004CF830 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 160fileCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000,?,?,?,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF94E
                                                                  • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,-00000001,00000000,00000000,2E736D6D,?,?,00000000,00000000), ref: 004CF99D
                                                                  • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,-00000001,00000000), ref: 004CF9BF
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CreateFile
                                                                  • String ID: \\?\
                                                                  • API String ID: 823142352-4282027825
                                                                  • Opcode ID: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                                                  • Instruction ID: d900b4c61e2357813c95f9d4093febd61d3ae0210469f6574eac6d9984f09979
                                                                  • Opcode Fuzzy Hash: daeb41911831d80bc6e531fad3d0e57e46336e4ff8e700678b0c9ea4e3aad5f5
                                                                  • Instruction Fuzzy Hash: A141C2B5904300BBEB50EB21DC86F1B77A9EB89348F24092EF54597381D63DDC48C7A6
                                                                  Function 004DD6F0 Relevance: 8.8, APIs: 7, Instructions: 54COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,00000000,?,?,004DDFDB,000000FF,00000001,004DE7BA), ref: 004DD6FC
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004DD71E
                                                                    • Part of subcall function 004FA760: EnterCriticalSection.KERNEL32(?,?,00000000,0015381C,?,004DD732), ref: 004FA76A
                                                                    • Part of subcall function 004FA760: LeaveCriticalSection.KERNEL32(?), ref: 004FA77A
                                                                    • Part of subcall function 004DC9A0: EnterCriticalSection.KERNEL32 ref: 004DCA0C
                                                                    • Part of subcall function 004DC9A0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 004DCA1D
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004DD741
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004DD744
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004DD74C
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004DD771
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004DD774
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$Leave$Enter
                                                                  • String ID:
                                                                  • API String ID: 2978645861-0
                                                                  • Opcode ID: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                                                  • Instruction ID: 32add75de912499d63db8df7e296ef1919b4cd71e3024a8d459c2c8f380e6b48
                                                                  • Opcode Fuzzy Hash: ff1ce3d31db78686b43d8a54f5086c5c7705279757a9b448e26e3c6c897d228c
                                                                  • Instruction Fuzzy Hash: 59012975302A155FD324EB2ADC90B6BE3F9AF91354F00842FE546C3750CB64FC058AA9
                                                                  Function 004D8640 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • CreateWindowExA.USER32(00000000,STATIC,Dummy,80000000,00000000,00000000,00000005,00000005,00000000,00000000,00000000,00000000), ref: 004D866B
                                                                  • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 004D8683
                                                                  • SetWindowLongA.USER32(?,000000FC,004D8520), ref: 004D8690
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: Window$Long$Create
                                                                  • String ID: Dummy$STATIC
                                                                  • API String ID: 1733017098-132613206
                                                                  • Opcode ID: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                                                  • Instruction ID: 60c9263fdfddd51d1a46959990d996e43c4a0f9c9599785539e6d357df671051
                                                                  • Opcode Fuzzy Hash: fd32e9f0fa554accdce7ab5b00cc8db694d7956c6883c39d3d5e1831a2aabb4c
                                                                  • Instruction Fuzzy Hash: 35F0303138471076E630A66ABC06F57B6EC9B59F31F21071AB319F76E0DAE0F8004A2C
                                                                  Function 004F5A70 Relevance: 7.6, APIs: 6, Instructions: 129COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,00000010,?,00000000,00000000,004EF87C,?,?,004AC02B,?,?), ref: 004F5A80
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F5A8A
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F5B2E
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F5B3D
                                                                  • EnterCriticalSection.KERNEL32(?,00000002), ref: 004F5B78
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F5B8A
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterLeave
                                                                  • String ID:
                                                                  • API String ID: 3168844106-0
                                                                  • Opcode ID: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                                                  • Instruction ID: 42192e3c7faa4449eaa7148df56c5331408008ed83f87a65c0d534a8c29348b8
                                                                  • Opcode Fuzzy Hash: 8535169f944d0783d85488a8bb89f9586f38ba5067d93ebdde6dc43345f3772a
                                                                  • Instruction Fuzzy Hash: EE41B634300B0D5BD7259F319894BBB77A9AF80704F08415EEB6A8B392DB18FC15D768
                                                                  Function 004F26C0 Relevance: 7.6, APIs: 5, Instructions: 84timeCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • timeGetTime.WINMM(?,?,?,?,?,?), ref: 004F274C
                                                                  • EnterCriticalSection.KERNEL32(?,00000000,?,?,?), ref: 004F277D
                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 004F2787
                                                                  • timeGetTime.WINMM(?,?), ref: 004F2792
                                                                  • timeGetTime.WINMM(?,?,?,?,?), ref: 004F27C6
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: Timetime$CriticalSection$EnterLeave
                                                                  • String ID:
                                                                  • API String ID: 1404962471-0
                                                                  • Opcode ID: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                                                  • Instruction ID: 9d8894fa7cd5c1a3a8d1574b016894ebc4e8e1121a62fd2c9071eafdbb47ea2c
                                                                  • Opcode Fuzzy Hash: a89c063fba00ccfe3890218cc2904d983b2cb644380e86a839d779b6257dffc4
                                                                  • Instruction Fuzzy Hash: B531BC35208B049BC314DF25E9956ABB7F1FFC9720F148A2DE4EA83390DB34A419CB56
                                                                  Function 005293B0 Relevance: 7.6, APIs: 5, Instructions: 77sleepCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 00529421
                                                                  • Sleep.KERNEL32(00000000,?,08000041,?,?,00529592,?,?), ref: 00529431
                                                                  • InterlockedCompareExchange.KERNEL32(00000378,00000001,00000000), ref: 0052943A
                                                                  • InterlockedExchange.KERNEL32(00000378,00000000), ref: 0052944F
                                                                  • __aulldiv.LIBCMT ref: 0052947B
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: ExchangeInterlocked$Compare$Sleep__aulldiv
                                                                  • String ID:
                                                                  • API String ID: 1430435781-0
                                                                  • Opcode ID: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                                                  • Instruction ID: c7c6432b147b16162d76303af8a74e071e756cb34c164aed74e4a8b1f06fd785
                                                                  • Opcode Fuzzy Hash: b59d1b6a3d222f96c2a2779c59a8c3b1568ac668232a9a2a2876ff2baf467b8b
                                                                  • Instruction Fuzzy Hash: 9C215AB15007409FD7219F2A9844A67FEFCFFA1705F10851FA45A873A1D7B4A904CB64
                                                                  Function 004F5CB0 Relevance: 7.6, APIs: 6, Instructions: 69COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5FEB,?,00000000,?,?,00000000,?), ref: 004F5CC0
                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CCE
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004F732F,?), ref: 004F5CDE
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F5D07
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F5D48
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F5D56
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterLeave
                                                                  • String ID:
                                                                  • API String ID: 3168844106-0
                                                                  • Opcode ID: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                                                  • Instruction ID: 3111dceef54b192a201187cebb12310cd19e01e5115420dd7c98ed3fae01612e
                                                                  • Opcode Fuzzy Hash: 8da342b9338abc9bf1cf0fb8044ab95eed2f33d4d982754cc72795221a6dba27
                                                                  • Instruction Fuzzy Hash: 2921A73520174A4BD710AF66E888BFFB7B8EB60305F00852FEB4643251C779A84ADB64
                                                                  Function 004D8010 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • CreateSolidBrush.GDI32(?), ref: 004D802E
                                                                  • SelectObject.GDI32(?,00000000), ref: 004D8044
                                                                  • FillRect.USER32(?,?,00000000), ref: 004D8067
                                                                  • SelectObject.GDI32(?,00000000), ref: 004D8075
                                                                  • DeleteObject.GDI32(00000000), ref: 004D8078
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: Object$Select$BrushCreateDeleteFillRectSolid
                                                                  • String ID:
                                                                  • API String ID: 3777265051-0
                                                                  • Opcode ID: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                                                  • Instruction ID: d8a686452ba02d7e488f009474b8275e6b936404318e954abf19810798465268
                                                                  • Opcode Fuzzy Hash: 3992c7499909c7ac510ee1e8195cc4d617522fd8d389773b43c489c091130502
                                                                  • Instruction Fuzzy Hash: 76019A752042046FC304DB69ED88C6B7BF8EACD614B000A5DFA8983312E635E806DB71
                                                                  Function 004E4660 Relevance: 7.5, APIs: 5, Instructions: 47COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E468C
                                                                  • LeaveCriticalSection.KERNEL32(?,0041D485), ref: 004E46A2
                                                                  • DeleteCriticalSection.KERNEL32(?,000007D0,?,?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D0
                                                                  • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46D9
                                                                  • DeleteCriticalSection.KERNEL32(?,?,004E515B,?,?,00000000,0041D485), ref: 004E46E6
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$Delete$EnterLeave
                                                                  • String ID:
                                                                  • API String ID: 3104255891-0
                                                                  • Opcode ID: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                                                  • Instruction ID: c031ed0988ac34fb64eb35ca7992c3622ed3d26c78e5592643255ae209dbdd49
                                                                  • Opcode Fuzzy Hash: 9344d0e21620c09b28f686a70e2872a698c0d1dfac57927c88a57cb864f4338f
                                                                  • Instruction Fuzzy Hash: D101D4B750060C5BC2106B35EC81BAF73A8AFC4214F05051EF54F93241DA68B8088BA1
                                                                  Function 004D9C20 Relevance: 7.5, APIs: 5, Instructions: 30clipboardCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • OpenClipboard.USER32(00000000), ref: 004D9C27
                                                                  • GetClipboardData.USER32(00000001), ref: 004D9C3A
                                                                  • GetClipboardData.USER32(0000000D), ref: 004D9C42
                                                                  • GetClipboardData.USER32(00000000), ref: 004D9C4B
                                                                  • CloseClipboard.USER32 ref: 004D9C56
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: Clipboard$Data$CloseOpen
                                                                  • String ID:
                                                                  • API String ID: 464010812-0
                                                                  • Opcode ID: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                                                  • Instruction ID: 2f18cbc0f6c8a3dbd26954e8439ab7c802a903eab365c315afdcc22c9d276e9e
                                                                  • Opcode Fuzzy Hash: 3896003866d9e196f5e942c735a105be1c3c3aad61074d0ab1b34134e7345e92
                                                                  • Instruction Fuzzy Hash: 41E09AB230022517EB9026BA6C4CF97A2EC9F54F90F050123F604C6340E6A6CC0457B1
                                                                  Function 004CFD10 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 112COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • GetFileAttributesExA.KERNEL32(?,00000000,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?), ref: 004CFE0F
                                                                    • Part of subcall function 004CB0E0: GetVersionExA.KERNEL32 ref: 004CB0FB
                                                                  • GetFileAttributesExW.KERNEL32(00000000,00000000,?,?,?,00000000,2E736D6D,?,?,?,?,?,?,?,?,0041C852), ref: 004CFDAF
                                                                  • GetFileAttributesExA.KERNEL32(00000000,00000000,?,2E736D6D,?,?,?,?,?,?,?,?,0041C852,00000000,?,00000000), ref: 004CFDED
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: AttributesFile$Version
                                                                  • String ID: \\?\
                                                                  • API String ID: 3849939888-4282027825
                                                                  • Opcode ID: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                                                  • Instruction ID: f991edffad243b4bd670aca913d189ed867c40d808b57564552852d0b3f79ee3
                                                                  • Opcode Fuzzy Hash: f361000200f27e6454158b11577cb5cd6586d4ef8c56bbe8a0e4f20a4d525da9
                                                                  • Instruction Fuzzy Hash: 6431277A90031067D710AA65AC42FEB73995F85704F54042FF90687352EB6D9C0EC2EA
                                                                  Function 004FA670 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 004FA67B
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004FA749
                                                                    • Part of subcall function 004F9B30: EnterCriticalSection.KERNEL32(?,00000000,?,004FA7A6,?,?,00153804), ref: 004F9B35
                                                                    • Part of subcall function 004F9B30: LeaveCriticalSection.KERNEL32(?), ref: 004F9B84
                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000100,00000000,00000000,?), ref: 004FA715
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterLeave$ByteCharMultiWide
                                                                  • String ID: FriendlyName
                                                                  • API String ID: 904232820-3623505368
                                                                  • Opcode ID: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                                                  • Instruction ID: 4f25218f4a75fa1caa45750efdb6ff353ea89136e06b91a5ad3ed6f7a0914714
                                                                  • Opcode Fuzzy Hash: 959ce2fe4b047605d4d04147b9c19dc8780e3383a8dda147e2258153261544ba
                                                                  • Instruction Fuzzy Hash: 9A212A75244301AFD220EB54DC49F5BB7F8BF88714F008A1DFA899B290D774F8098BA6
                                                                  Function 004CAB90 Relevance: 6.2, APIs: 4, Instructions: 211COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 004CADB4
                                                                  • CreateDIBSection.GDI32(00000000,?,00000000,?,00000000,00000000), ref: 004CADC8
                                                                  • GetObjectA.GDI32(00000000,00000018,?), ref: 004CADD8
                                                                  • DeleteDC.GDI32(00000000), ref: 004CADFF
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: Create$CompatibleDeleteObjectSection
                                                                  • String ID:
                                                                  • API String ID: 3137390749-0
                                                                  • Opcode ID: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                                                  • Instruction ID: ec125f8efd539a004f5243cd975522e641b23088832de904e1665531ca55df12
                                                                  • Opcode Fuzzy Hash: a74e2540195e9566e7a2ac5dffe2e2de3f45b10f51a9d4c1ea3247f6bedff2c4
                                                                  • Instruction Fuzzy Hash: 2981AFB56043458FC324CF29D484A67FBF1BF98314F148A6ED58A87712D334E989CBA6
                                                                  Function 0079E5EA Relevance: 6.2, APIs: 4, Instructions: 168COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000003.1580553327.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_3_770000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: AdjustPointer
                                                                  • String ID:
                                                                  • API String ID: 1740715915-0
                                                                  • Opcode ID: e93d7e5d452ce734d2e2462fa7bb03522d0fd6ff82d28459489596ce1c95da32
                                                                  • Instruction ID: 9eb4f438231cdf1f5a0390a81fae76cf41a7faa79662d3ed8606b3b5fb6622e9
                                                                  • Opcode Fuzzy Hash: e93d7e5d452ce734d2e2462fa7bb03522d0fd6ff82d28459489596ce1c95da32
                                                                  • Instruction Fuzzy Hash: 14510F72605206EFDF29CF54F985BAAB7A4EF58310F24452DE802872A1E73DEC51CB91
                                                                  Function 0052AFD0 Relevance: 6.1, APIs: 4, Instructions: 69COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • QueryPerformanceCounter.KERNEL32 ref: 0052AFF0
                                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 0052B016
                                                                    • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C25F
                                                                    • Part of subcall function 0040C250: Sleep.KERNEL32(00000000,?,?,0052B390,?,004012F9,00000008), ref: 0040C272
                                                                    • Part of subcall function 0040C250: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0040C279
                                                                  • InterlockedExchange.KERNEL32(?,00000000), ref: 0052B050
                                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 0052B05B
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CounterExchangeInterlockedPerformanceQuery$Compare$Sleep
                                                                  • String ID:
                                                                  • API String ID: 188302963-0
                                                                  • Opcode ID: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                                                  • Instruction ID: 331ae7ec3883c6fb41667714d1c2397b805b788a0704fbfdebc2abdcd4384ec1
                                                                  • Opcode Fuzzy Hash: c96cf593c803fdbd1df6e800226bb337d538f109cfd51101e6c499ec62b01222
                                                                  • Instruction Fuzzy Hash: 19212A75604712ABC318DF65D884A9AF7E8BF89300F040A1DE85993780D734F918CBA2
                                                                  Function 004E5C20 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 61COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                    • Part of subcall function 004E4850: waveInGetNumDevs.WINMM(defaultmicrophone,00000000,?,00000000,?,?,?,?,004E8459,?,?,?,?,?,?,?), ref: 004E489B
                                                                    • Part of subcall function 004E4C80: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C7E,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E4C8A
                                                                    • Part of subcall function 004E4C80: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E4CD7
                                                                    • Part of subcall function 004E3860: EnterCriticalSection.KERNEL32(?,00000000,?,004E5C91,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E3868
                                                                    • Part of subcall function 004E3860: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E388F
                                                                    • Part of subcall function 004E5B40: EnterCriticalSection.KERNEL32(?,00000000,?,00000000,?,004E5C9B,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?), ref: 004E5B4C
                                                                    • Part of subcall function 004E5B40: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5B71
                                                                  • EnterCriticalSection.KERNEL32(00000004,00000000,?,00000000,00000000,00000000,echosuppression,gain,00000000,00000000,?,?,004E8459), ref: 004E5CA2
                                                                  • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E5CB2
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterLeave$Devswave
                                                                  • String ID: echosuppression$gain
                                                                  • API String ID: 967401230-1829011300
                                                                  • Opcode ID: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                                                  • Instruction ID: eec625d20ecc8ac728587d7ca18c0fda910ff7f544bd80cb39fcd025b5d808b6
                                                                  • Opcode Fuzzy Hash: 546b0f3ebceeb7a0da23e6f321f446937bde9f1e62618b4c4d58b1762877edae
                                                                  • Instruction Fuzzy Hash: 4C118E35700B449BC711EB67C9A1A2BB3B9BF8871AB15049EE5464B741CB24FC02CBA4
                                                                  Function 00509EC0 Relevance: 6.1, APIs: 4, Instructions: 61COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                    • Part of subcall function 0050B060: CreateEventA.KERNEL32(00000000,?,00000000,00000000,00000000,00509F02,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E), ref: 0050B06E
                                                                  • InitializeCriticalSection.KERNEL32(0000007C,00000001,00000001,00000000,00000000,?,0000007C,?,00000004,00000000,00000008,00000000,004F924E,00549D98,?,?), ref: 00509F34
                                                                  • InitializeCriticalSection.KERNEL32(00000094,?,?,?,?,?,?,?,?,00153804), ref: 00509F3D
                                                                  • InitializeCriticalSection.KERNEL32 ref: 00509F6E
                                                                  • SetEvent.KERNEL32 ref: 00509F74
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalInitializeSection$Event$Create
                                                                  • String ID:
                                                                  • API String ID: 662013055-0
                                                                  • Opcode ID: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                                                  • Instruction ID: a00b6d7b902e657a52a59b9571d5736a80dfe09fbfe7896e9036a1fe9281f1e6
                                                                  • Opcode Fuzzy Hash: 8b41bb8ea36a2531d5352067329df235b3019d45486671b4f72c125a1e36c2c0
                                                                  • Instruction Fuzzy Hash: 9B21C4B1540B049FE320DF6AD884A9BFBE8FF94704F00490EE1AA83661D7B1B405CB61
                                                                  Function 0079DE91 Relevance: 6.1, APIs: 4, Instructions: 60COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0079DEAD
                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0079DEC6
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000003.1580553327.0000000000770000.00000040.00000400.00020000.00000000.sdmp, Offset: 00770000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_3_770000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: Value___vcrt_
                                                                  • String ID:
                                                                  • API String ID: 1426506684-0
                                                                  • Opcode ID: a5c6c870cbe02360b2234619489db598323c740032db365f4575ed4472c763a2
                                                                  • Instruction ID: 00b83a8abc7ce385ab32bf354e41978ee56b478a752cb83b12f0cae4687b3bd0
                                                                  • Opcode Fuzzy Hash: a5c6c870cbe02360b2234619489db598323c740032db365f4575ed4472c763a2
                                                                  • Instruction Fuzzy Hash: 1801FC32149351AEAE3537747CCA96A27A9EB56774B200329F525491E1EF2D5C016344
                                                                  Function 004D2AA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 004D2AB9
                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 004D2B3D
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CompatibleCreateDirectorySystem
                                                                  • String ID: Macromed\Flash\
                                                                  • API String ID: 2606042488-1438515271
                                                                  • Opcode ID: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                                                  • Instruction ID: 299e9cb63676f09c6c690dce7675c16131e739682a5e940449f79e26451de6f9
                                                                  • Opcode Fuzzy Hash: d451729974a22e2174cc262673041bd25aa8ed66c57df716bc48c0d66078c0ab
                                                                  • Instruction Fuzzy Hash: 8F118A711047016FC704EF21EC52AAF77E4BF98704F40491EF19943281DB78A908CFAA
                                                                  Function 004F2BF0 Relevance: 5.1, APIs: 4, Instructions: 99COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,004F5B22,00000001,000000FF), ref: 004F2BFE
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F2C88
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F2CCE
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F2CF1
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$Leave$Enter
                                                                  • String ID:
                                                                  • API String ID: 2978645861-0
                                                                  • Opcode ID: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                                                  • Instruction ID: d821757bbb06b5f881817bb4be3b83133dcd2ebdcf47b2e92145d0cebd45ebc1
                                                                  • Opcode Fuzzy Hash: 72ef37a4ce696f50df890290b9b7b99c0f9e4ea6355bbf9b4210c3caf82ba29b
                                                                  • Instruction Fuzzy Hash: D631D2762042854FD3248F29D898A3BBBF5EFD9351F19856EE696C7381C779D808C720
                                                                  Function 004F64A0 Relevance: 5.0, APIs: 4, Instructions: 45COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,004F7247,?), ref: 004F64C1
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F64E6
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 004F64EC
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004F6515
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterLeave
                                                                  • String ID:
                                                                  • API String ID: 3168844106-0
                                                                  • Opcode ID: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                                                  • Instruction ID: c39e4b2d7a975ea5970b06f88a1f0ae82272a8bb6f48ad921d14b69448efe04b
                                                                  • Opcode Fuzzy Hash: f847da26358d00d5442f5224005a34bf56e55c89d248726b642e497024ea2ade
                                                                  • Instruction Fuzzy Hash: FC0188352003485BC714EF24D880A77F3A9AF46258B19559DE5C657342CA39EC06CBA4
                                                                  Function 00401380 Relevance: 5.0, APIs: 4, Instructions: 39COMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?), ref: 0040139D
                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004013B3
                                                                  • EnterCriticalSection.KERNEL32(00000005), ref: 004013CA
                                                                  • LeaveCriticalSection.KERNEL32(00000005), ref: 004013D8
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.1584532181.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.1584502801.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584674046.000000000053D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000555000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584717080.0000000000562000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000628000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.00000000006F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.0000000000700000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  • Associated: 00000003.00000002.1584797164.000000000073C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_SqWzv6g2gV.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterLeave
                                                                  • String ID:
                                                                  • API String ID: 3168844106-0
                                                                  • Opcode ID: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                                                  • Instruction ID: 1dc668918495c93d19b35d2f921703afc781594381be1afc9f76799b5a6aac2f
                                                                  • Opcode Fuzzy Hash: be455565a85d393211932c010ec7194a6f72a0f8e03aef377b487af276531eef
                                                                  • Instruction Fuzzy Hash: 280112B620070AAFC310CF69D884946FBF8FFA8314B10C55AE95983711C771F956CBA0

                                                                  Executed Functions

                                                                  Function 009F02D8 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 169memoryfileCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 009F0326
                                                                    • Part of subcall function 009F00A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 009F00CD
                                                                    • Part of subcall function 009F00A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 009F0279
                                                                  • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 009F0378
                                                                  • VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 009F03E7
                                                                  • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 009F0407
                                                                  • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 009F042E
                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 009F0456
                                                                  • CloseHandle.KERNELBASE(?), ref: 009F0471
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000003.1581068497.00000000009F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_3_9f0000_svchost.jbxd
                                                                  Similarity
                                                                  • API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
                                                                  • String ID: ,
                                                                  • API String ID: 3867569247-3772416878
                                                                  • Opcode ID: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                  • Instruction ID: 169f96e52bcbd1553d37f58cfde1467122b009876ff6af7e1e9276bd505f1fa4
                                                                  • Opcode Fuzzy Hash: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                  • Instruction Fuzzy Hash: 6E612EB1900209EFDB20DFA5C884AEEBBBDFF48354F148519FA59A7251D770E940CB60
                                                                  Function 009F00A4 Relevance: 2.7, APIs: 2, Instructions: 163memoryCOMMON
                                                                  Download Yara Rule
                                                                  APIs
                                                                  • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 009F00CD
                                                                  • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 009F0279
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000003.1581068497.00000000009F0000.00000040.00000001.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_3_9f0000_svchost.jbxd
                                                                  Similarity
                                                                  • API ID: Virtual$AllocFree
                                                                  • String ID:
                                                                  • API String ID: 2087232378-0
                                                                  • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                  • Instruction ID: 4ff6d7de712bcd65c866e51bc02e02a12e8d51058cd0921533693a7cce56b6a7
                                                                  • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                  • Instruction Fuzzy Hash: 6371AE71E0424ADFDB41CF98C885BEDBBF4AF09314F244495E5A5F7242C238AA91DF64

                                                                  Execution Graph

                                                                  Execution Coverage:33.4%
                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                  Signature Coverage:83.3%
                                                                  Total number of Nodes:24
                                                                  Total number of Limit Nodes:0
                                                                  execution_graph 415 254ac2c1cf4 417 254ac2c1d19 415->417 416 254ac2c1fa1 417->416 426 254ac2c15c0 417->426 419 254ac2c1f98 CloseHandle 419->416 420 254ac2c1f88 NtAcceptConnectPort 420->419 421 254ac2c1e3a 421->419 421->420 422 254ac2c1ecd 421->422 429 254ac2c0ac8 421->429 422->422 435 254ac2c1aa4 NtAcceptConnectPort 422->435 427 254ac2c15f4 NtAcceptConnectPort 426->427 427->421 430 254ac2c0c62 429->430 431 254ac2c0ae8 429->431 430->422 431->430 432 254ac2c0be8 NtAcceptConnectPort 431->432 432->430 433 254ac2c0c1b 432->433 433->430 434 254ac2c0c33 NtAcceptConnectPort 433->434 434->430 436 254ac2c1c04 435->436 437 254ac2c1af7 435->437 436->420 441 254ac2c1870 437->441 439 254ac2c1b10 440 254ac2c1bb6 NtAcceptConnectPort 439->440 440->436 443 254ac2c1889 441->443 442 254ac2c1949 442->439 443->442 444 254ac2c1930 GetProcessMitigationPolicy 443->444 444->442

                                                                  Callgraph

                                                                  Executed Functions

                                                                  Function 00000254AC2C1CF4 Relevance: 3.3, APIs: 2, Instructions: 278nativeCOMMON
                                                                  Download Yara Rule

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000008.00000002.2018538417.00000254AC2C0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000254AC2C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_8_2_254ac2c0000_fontdrvhost.jbxd
                                                                  Similarity
                                                                  • API ID: AcceptCloseConnectHandlePort
                                                                  • String ID:
                                                                  • API String ID: 3811980168-0
                                                                  • Opcode ID: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                  • Instruction ID: 001e49dc32ac8f0e169e9fa787b7e2c092b21f45a0cea0f335b793248103ea4a
                                                                  • Opcode Fuzzy Hash: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                  • Instruction Fuzzy Hash: BB910B35548F084FDBE8EF18C8567E5B3E1FB84315F14466EE48BC3195EA34A9828785
                                                                  Function 00000254AC2C0AC8 Relevance: 3.2, APIs: 2, Instructions: 185nativeCOMMON
                                                                  Download Yara Rule

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000008.00000002.2018538417.00000254AC2C0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000254AC2C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_8_2_254ac2c0000_fontdrvhost.jbxd
                                                                  Similarity
                                                                  • API ID: AcceptConnectPort
                                                                  • String ID:
                                                                  • API String ID: 1658770261-0
                                                                  • Opcode ID: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
                                                                  • Instruction ID: 66b42b2e02abaf208482abee475aead50d3ceae5fd129ad126d96f88f74928ce
                                                                  • Opcode Fuzzy Hash: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
                                                                  • Instruction Fuzzy Hash: B251263595CE150AE3ACB63888A96B8B7D0F79130AF34055EE1E3C6193E934C7868786
                                                                  Function 00000254AC2C1AA4 Relevance: 3.2, APIs: 2, Instructions: 150nativeCOMMON
                                                                  Download Yara Rule

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000008.00000002.2018538417.00000254AC2C0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000254AC2C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_8_2_254ac2c0000_fontdrvhost.jbxd
                                                                  Similarity
                                                                  • API ID: AcceptConnectPort$MitigationPolicyProcess
                                                                  • String ID:
                                                                  • API String ID: 2923266908-0
                                                                  • Opcode ID: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
                                                                  • Instruction ID: 5810be8528ca47c0f0f6d4641866ab05c9cc3f004e890efe41edbef564590a25
                                                                  • Opcode Fuzzy Hash: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
                                                                  • Instruction Fuzzy Hash: B341E231608F488FDB88EF2C9C897957BD1EB55320F0443AEE85ACB2D7DA34C9458796
                                                                  Function 00000254AC2C15C0 Relevance: 1.6, APIs: 1, Instructions: 76nativeCOMMON
                                                                  Download Yara Rule

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 118 254ac2c15c0-254ac2c15f2 119 254ac2c15f9-254ac2c15fb 118->119 120 254ac2c15f4-254ac2c15f7 118->120 122 254ac2c15fd-254ac2c1609 119->122 123 254ac2c160b-254ac2c160d 119->123 121 254ac2c161f-254ac2c166d NtAcceptConnectPort 120->121 122->121 124 254ac2c161d 123->124 125 254ac2c160f-254ac2c161b 123->125 124->121 125->121
                                                                  APIs
                                                                  • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,00000254AC2C1E3A), ref: 00000254AC2C1654
                                                                  Memory Dump Source
                                                                  • Source File: 00000008.00000002.2018538417.00000254AC2C0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000254AC2C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_8_2_254ac2c0000_fontdrvhost.jbxd
                                                                  Similarity
                                                                  • API ID: AcceptConnectPort
                                                                  • String ID:
                                                                  • API String ID: 1658770261-0
                                                                  • Opcode ID: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                  • Instruction ID: 7b8903ee648f796e31860f9795b2e794ea0be90dca0ed9d7cb31f10d0b4db6b0
                                                                  • Opcode Fuzzy Hash: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                  • Instruction Fuzzy Hash: 27213071908B048FDB98DF18C88A665F7E1FB68309F140A7EF44AC7250E731D985CB45
                                                                  Function 00000254AC2C1870 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                  Download Yara Rule

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 95 254ac2c1870-254ac2c18a0 call 254ac2c08a4 * 2 100 254ac2c1954-254ac2c195b 95->100 101 254ac2c18a6-254ac2c18a9 95->101 101->100 102 254ac2c18af-254ac2c18b9 101->102 102->100 103 254ac2c18bf-254ac2c18c4 102->103 103->100 104 254ac2c18ca-254ac2c18d7 103->104 104->100 105 254ac2c18d9-254ac2c18e1 104->105 105->100 106 254ac2c18e3-254ac2c18ee 105->106 106->100 107 254ac2c18f0-254ac2c18f7 106->107 107->100 108 254ac2c18f9-254ac2c18fc 107->108 108->100 109 254ac2c18fe-254ac2c1906 108->109 109->100 110 254ac2c1908-254ac2c190b 109->110 110->100 111 254ac2c190d-254ac2c1916 110->111 111->100 112 254ac2c1918-254ac2c191c 111->112 112->100 113 254ac2c191e-254ac2c192e 112->113 113->100 115 254ac2c1930-254ac2c1947 GetProcessMitigationPolicy 113->115 115->100 116 254ac2c1949-254ac2c194e 115->116 116->100 117 254ac2c1950-254ac2c1951 116->117 117->100
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000008.00000002.2018538417.00000254AC2C0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000254AC2C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_8_2_254ac2c0000_fontdrvhost.jbxd
                                                                  Similarity
                                                                  • API ID: MitigationPolicyProcess
                                                                  • String ID:
                                                                  • API String ID: 1088084561-0
                                                                  • Opcode ID: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                  • Instruction ID: cf4d3f2bbae4c3633f27d64abd782deabef80baec685ba16f2456d14e93f04a0
                                                                  • Opcode Fuzzy Hash: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                  • Instruction Fuzzy Hash: 2631B436948E074AEBEDE6688CA97F1B2D0EB8431AF1402B9E015D30D1FA35CEC9D644

                                                                  Non-executed Functions

                                                                  Function 00000254AC2C0511 Relevance: .0, Instructions: 9COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000008.00000002.2018538417.00000254AC2C0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000254AC2C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_8_2_254ac2c0000_fontdrvhost.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                                  • Instruction ID: 1684949b0e2b346c4f6e13502068689c61c9b2d028cdf62c4328b71d82623ec0
                                                                  • Opcode Fuzzy Hash: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                                  • Instruction Fuzzy Hash: CFB01130E2AA00C2E3880E0AB8023A0F2B2C30B300F02B2322002F3220CA28CC08028F